Vulnerability-Lookup

CVE-2024-27982 (GCVE-0-2024-27982)

Vulnerability from cvelistv5 – Published: 2024-05-07 16:40 – Updated: 2025-11-04 22:06

Summary

The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.

Severity

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

CWE

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Assigner

hackerone

References

1 reference

URL	Tags
https://hackerone.com/reports/2237099

Impacted products

1 product

Vendor	Product	Version
NodeJS	Node	Affected: 4.0 , < 4.* (semver) Affected: 5.0 , < 5.* (semver) Affected: 6.0 , < 6.* (semver) Affected: 7.0 , < 7.* (semver) Affected: 8.0 , < 8.* (semver) Affected: 9.0 , < 9.* (semver) Affected: 10.0 , < 10.* (semver) Affected: 11.0 , < 11.* (semver) Affected: 12.0 , < 12.* (semver) Affected: 13.0 , < 13.* (semver) Affected: 14.0 , < 14.* (semver) Affected: 15.0 , < 15.* (semver) Affected: 16.0 , < 16.* (semver) Affected: 17.0 , < 17.* (semver) Affected: 18.0 , < 18.20.1 (semver) Affected: 19.0 , < 19.* (semver) Affected: 20.0 , < 20.12.1 (semver) Affected: 21.0 , < 21.7.2 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:nodejs:node.js:-:*:*:*:*:-:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "node.js",
            "vendor": "nodejs",
            "versions": [
              {
                "status": "affected",
                "version": "20.12.0, 21.7.2, 18.20.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27982",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-07T18:19:19.540907Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-444",
                "description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-28T20:38:42.197Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T22:06:04.271Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/2237099"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20250418-0001/"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00029.html"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QJAKA33NJCI3XLQS2K36DRCUMWIFFYVU/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDECX4BYZLMM4S4LALN4DPZ2HUTTPLKE/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4M5XZZONMS4DAZE3CNDFDRSB6JQCL6Y/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Node",
          "vendor": "NodeJS",
          "versions": [
            {
              "lessThan": "4.*",
              "status": "affected",
              "version": "4.0",
              "versionType": "semver"
            },
            {
              "lessThan": "5.*",
              "status": "affected",
              "version": "5.0",
              "versionType": "semver"
            },
            {
              "lessThan": "6.*",
              "status": "affected",
              "version": "6.0",
              "versionType": "semver"
            },
            {
              "lessThan": "7.*",
              "status": "affected",
              "version": "7.0",
              "versionType": "semver"
            },
            {
              "lessThan": "8.*",
              "status": "affected",
              "version": "8.0",
              "versionType": "semver"
            },
            {
              "lessThan": "9.*",
              "status": "affected",
              "version": "9.0",
              "versionType": "semver"
            },
            {
              "lessThan": "10.*",
              "status": "affected",
              "version": "10.0",
              "versionType": "semver"
            },
            {
              "lessThan": "11.*",
              "status": "affected",
              "version": "11.0",
              "versionType": "semver"
            },
            {
              "lessThan": "12.*",
              "status": "affected",
              "version": "12.0",
              "versionType": "semver"
            },
            {
              "lessThan": "13.*",
              "status": "affected",
              "version": "13.0",
              "versionType": "semver"
            },
            {
              "lessThan": "14.*",
              "status": "affected",
              "version": "14.0",
              "versionType": "semver"
            },
            {
              "lessThan": "15.*",
              "status": "affected",
              "version": "15.0",
              "versionType": "semver"
            },
            {
              "lessThan": "16.*",
              "status": "affected",
              "version": "16.0",
              "versionType": "semver"
            },
            {
              "lessThan": "17.*",
              "status": "affected",
              "version": "17.0",
              "versionType": "semver"
            },
            {
              "lessThan": "18.20.1",
              "status": "affected",
              "version": "18.0",
              "versionType": "semver"
            },
            {
              "lessThan": "19.*",
              "status": "affected",
              "version": "19.0",
              "versionType": "semver"
            },
            {
              "lessThan": "20.12.1",
              "status": "affected",
              "version": "20.0",
              "versionType": "semver"
            },
            {
              "lessThan": "21.7.2",
              "status": "affected",
              "version": "21.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-30T22:25:16.878Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://hackerone.com/reports/2237099"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2024-27982",
    "datePublished": "2024-05-07T16:40:02.518Z",
    "dateReserved": "2024-02-29T01:04:06.640Z",
    "dateUpdated": "2025-11-04T22:06:04.271Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-27982",
      "date": "2026-05-31",
      "epss": "0.00529",
      "percentile": "0.67486"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-27982\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2024-05-07T17:15:07.663\",\"lastModified\":\"2025-11-04T22:15:59.513\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.\"},{\"lang\":\"es\",\"value\":\"El equipo ha identificado una vulnerabilidad cr\u00edtica en el servidor http de la versi\u00f3n m\u00e1s reciente de Node, donde los encabezados con formato incorrecto pueden provocar el contrabando de solicitudes HTTP. Espec\u00edficamente, si se coloca un espacio antes de un encabezado de longitud de contenido, no se interpreta correctamente, lo que permite a los atacantes introducir de contrabando una segunda solicitud dentro del cuerpo de la primera.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-444\"}]}],\"references\":[{\"url\":\"https://hackerone.com/reports/2237099\",\"source\":\"support@hackerone.com\"},{\"url\":\"https://hackerone.com/reports/2237099\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/09/msg00029.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDECX4BYZLMM4S4LALN4DPZ2HUTTPLKE/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QJAKA33NJCI3XLQS2K36DRCUMWIFFYVU/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4M5XZZONMS4DAZE3CNDFDRSB6JQCL6Y/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20250418-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://hackerone.com/reports/2237099\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20250418-0001/\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/09/msg00029.html\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QJAKA33NJCI3XLQS2K36DRCUMWIFFYVU/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDECX4BYZLMM4S4LALN4DPZ2HUTTPLKE/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4M5XZZONMS4DAZE3CNDFDRSB6JQCL6Y/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T22:06:04.271Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-27982\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-07T18:19:19.540907Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:nodejs:node.js:-:*:*:*:*:-:*:*\"], \"vendor\": \"nodejs\", \"product\": \"node.js\", \"versions\": [{\"status\": \"affected\", \"version\": \"20.12.0, 21.7.2, 18.20.0\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-444\", \"description\": \"CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-07T18:18:42.248Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\"}}], \"affected\": [{\"vendor\": \"NodeJS\", \"product\": \"Node\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.0\", \"lessThan\": \"4.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"5.0\", \"lessThan\": \"5.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"6.0\", \"lessThan\": \"6.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"7.0\", \"lessThan\": \"7.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"8.0\", \"lessThan\": \"8.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"9.0\", \"lessThan\": \"9.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"10.0\", \"lessThan\": \"10.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"11.0\", \"lessThan\": \"11.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"12.0\", \"lessThan\": \"12.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"13.0\", \"lessThan\": \"13.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"14.0\", \"lessThan\": \"14.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"15.0\", \"lessThan\": \"15.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"16.0\", \"lessThan\": \"16.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"17.0\", \"lessThan\": \"17.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"18.0\", \"lessThan\": \"18.20.1\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"19.0\", \"lessThan\": \"19.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"20.0\", \"lessThan\": \"20.12.1\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"21.0\", \"lessThan\": \"21.7.2\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://hackerone.com/reports/2237099\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.\"}], \"providerMetadata\": {\"orgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"shortName\": \"hackerone\", \"dateUpdated\": \"2025-04-30T22:25:16.878Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-27982\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-04T22:06:04.271Z\", \"dateReserved\": \"2024-02-29T01:04:06.640Z\", \"assignerOrgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"datePublished\": \"2024-05-07T16:40:02.518Z\", \"assignerShortName\": \"hackerone\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

NCSC-2024-0433

Vulnerability from csaf_ncscnl - Published: 2024-11-12 14:19 - Updated: 2024-11-12 14:19

Summary

Kwetsbaarheden verholpen in Siemens producten

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten: Siemens heeft kwetsbaarheden verholpen in diverse producten als Mendix, RUGGEDCOM, SCALANCE, SIMATIC en SINEC.

Interpretaties: De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade: - Denial-of-Service (DoS) - Cross-Site-Scripting (XSS) - Manipulatie van gegevens - Omzeilen van een beveiligingsmaatregel - Omzeilen van authenticatie - (Remote) code execution (Administrator/Root rechten) - (Remote) code execution (Gebruikersrechten) - Toegang tot systeemgegevens - Verhoogde gebruikersrechten De kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.

Oplossingen: Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico's zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.

Kans: medium

Schade: high

CWE-606: Unchecked Input for Loop Condition

CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation

CWE-115: Misinterpretation of Input

CWE-1059: Insufficient Technical Documentation

CWE-1325: Improperly Controlled Sequential Memory Allocation

CWE-222: Truncation of Security-relevant Information

CWE-310: CWE-310

CWE-328: Use of Weak Hash

CWE-1284: Improper Validation of Specified Quantity in Input

CWE-213: Exposure of Sensitive Information Due to Incompatible Policies

CWE-1268: Policy Privileges are not Assigned Consistently Between Control and Data Agents

CWE-684: Incorrect Provision of Specified Functionality

CWE-772: Missing Release of Resource after Effective Lifetime

CWE-208: Observable Timing Discrepancy

CWE-201: Insertion of Sensitive Information Into Sent Data

CWE-834: Excessive Iteration

CWE-266: Incorrect Privilege Assignment

CWE-942: Permissive Cross-domain Policy with Untrusted Domains

CWE-271: Privilege Dropping / Lowering Errors

CWE-732: Incorrect Permission Assignment for Critical Resource

CWE-667: Improper Locking

CWE-440: Expected Behavior Violation

CWE-297: Improper Validation of Certificate with Host Mismatch

CWE-311: Missing Encryption of Sensitive Data

CWE-754: Improper Check for Unusual or Exceptional Conditions

CWE-617: Reachable Assertion

CWE-427: Uncontrolled Search Path Element

CWE-319: Cleartext Transmission of Sensitive Information

CWE-613: Insufficient Session Expiration

CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CWE-203: Observable Discrepancy

CWE-354: Improper Validation of Integrity Check Value

CWE-325: Missing Cryptographic Step

CWE-190: Integer Overflow or Wraparound

CWE-321: Use of Hard-coded Cryptographic Key

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-125: Out-of-bounds Read

CWE-404: Improper Resource Shutdown or Release

CWE-275: CWE-275

CWE-284: Improper Access Control

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-1333: Inefficient Regular Expression Complexity

CWE-416: Use After Free

CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

CWE-401: Missing Release of Memory after Effective Lifetime

CWE-476: NULL Pointer Dereference

CWE-295: Improper Certificate Validation

CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

CWE-94: Improper Control of Generation of Code ('Code Injection')

CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CWE-436: Interpretation Conflict

CWE-400: Uncontrolled Resource Consumption

CWE-770: Allocation of Resources Without Limits or Throttling

CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-502: Deserialization of Untrusted Data

CWE-918: Server-Side Request Forgery (SSRF)

CWE-863: Incorrect Authorization

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-787: Out-of-bounds Write

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE-122: Heap-based Buffer Overflow

CWE-121: Stack-based Buffer Overflow

CWE-789: Memory Allocation with Excessive Size Value

CWE-269: Improper Privilege Management

CWE-20: Improper Input Validation

CWE-287: Improper Authentication

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-3506

CWE-125 - Out-of-bounds Read

CVE-2023-2975

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-287 - Improper Authentication

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
simatic_mv500_family siemens	`cpe:2.3:a:siemens:simatic_mv500_family::::::::`	—
sinec_nms siemens	`cpe:2.3:a:siemens:sinec_nms::::::::`	—

CVE-2023-3341

CWE-20 - Improper Input Validation

CVE-2023-3446

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 10 products

Product	Identifier	Version
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_::::::::`	—
siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_ siemens	`cpe:2.3:a:siemens:siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_::::::::`	—
simatic_mv500_family siemens	`cpe:2.3:a:siemens:simatic_mv500_family::::::::`	—
sinec_nms siemens	`cpe:2.3:a:siemens:sinec_nms::::::::`	—
telecontrol_server_basic_v3 siemens	`cpe:2.3:a:siemens:telecontrol_server_basic_v3::::::::`	—
simatic_s7-1500_tm_mfp_-_gnu_linux_subsystem siemens	`cpe:2.3:a:siemens:simatic_s7-1500_tm_mfp_-_gnu_linux_subsystem::::::::`	—
st7_scadaconnect__6nh7997-5da10-0aa0_ siemens	`cpe:2.3:a:siemens:st7_scadaconnect__6nh7997-5da10-0aa0_::::::::`	—

CVE-2023-3817

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 8 products

Product	Identifier	Version
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_::::::::`	—
siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_ siemens	`cpe:2.3:a:siemens:siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_::::::::`	—
simatic_s7 siemens	`cpe:2.3:h:siemens:simatic_s7:1500:::::::*`	—
simatic_mv500_family siemens	`cpe:2.3:a:siemens:simatic_mv500_family::::::::`	—
sinec_nms siemens	`cpe:2.3:a:siemens:sinec_nms::::::::`	—

CVE-2023-4236

CWE-617 - Reachable Assertion

CVE-2023-4408

CWE-400 - Uncontrolled Resource Consumption

CVE-2023-4807

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-20 - Improper Input Validation

Affected products

Known affected 13 products

Product	Identifier	Version
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_::::::::`	—
siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_ siemens	`cpe:2.3:a:siemens:siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_::::::::`	—
telecontrol_server_basic_v3 siemens	`cpe:2.3:a:siemens:telecontrol_server_basic_v3::::::::`	—
simatic_rtls_locating_manager__6gt2780-0da00_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da00_::::::::`	—
simatic_rtls_locating_manager__6gt2780-0da10_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da10_::::::::`	—
simatic_rtls_locating_manager__6gt2780-0da20_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da20_::::::::`	—
simatic_rtls_locating_manager__6gt2780-0da30_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da30_::::::::`	—
simatic_rtls_locating_manager__6gt2780-1ea10_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-1ea10_::::::::`	—
simatic_rtls_locating_manager__6gt2780-1ea20_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-1ea20_::::::::`	—
simatic_rtls_locating_manager__6gt2780-1ea30_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-1ea30_::::::::`	—

CVE-2023-5363

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-325 - Missing Cryptographic Step

Affected products

Known affected 7 products

Product	Identifier	Version
simatic_rtls_locating_manager__6gt2780-0da00_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da00_::::::::`	—
simatic_rtls_locating_manager__6gt2780-0da10_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da10_::::::::`	—
simatic_rtls_locating_manager__6gt2780-0da20_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da20_::::::::`	—
simatic_rtls_locating_manager__6gt2780-0da30_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da30_::::::::`	—
simatic_rtls_locating_manager__6gt2780-1ea10_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-1ea10_::::::::`	—
simatic_rtls_locating_manager__6gt2780-1ea20_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-1ea20_::::::::`	—
simatic_rtls_locating_manager__6gt2780-1ea30_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-1ea30_::::::::`	—

CVE-2023-5517

CWE-617 - Reachable Assertion

CVE-2023-5678

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Affected products

Known affected 17 products

CVE-2023-5679

CWE-617 - Reachable Assertion

CVE-2023-5680

CWE-400 - Uncontrolled Resource Consumption

CVE-2023-6129

CWE-328 - Use of Weak Hash

CVE-2023-6237

CWE-400 - Uncontrolled Resource Consumption

CVE-2023-6516

CWE-770 - Allocation of Resources Without Limits or Throttling

CVE-2023-7104

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-122 - Heap-based Buffer Overflow

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
simatic_s7-1500_tm_mfp_-_gnu_linux_subsystem siemens	`cpe:2.3:a:siemens:simatic_s7-1500_tm_mfp_-_gnu_linux_subsystem::::::::`	—

CVE-2023-28450

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 11 products

Product	Identifier	Version
scalance_xch328__6gk5328-4ts01-2ec2_ siemens	`cpe:2.3:a:siemens:scalance_xch328__6gk5328-4ts01-2ec2_::::::::`	—
scalance_xcm324__6gk5324-8ts01-2ac2_ siemens	`cpe:2.3:a:siemens:scalance_xcm324__6gk5324-8ts01-2ac2_::::::::`	—
scalance_xcm328__6gk5328-4ts01-2ac2_ siemens	`cpe:2.3:a:siemens:scalance_xcm328__6gk5328-4ts01-2ac2_::::::::`	—
scalance_xcm332__6gk5332-0ga01-2ac2_ siemens	`cpe:2.3:a:siemens:scalance_xcm332__6gk5332-0ga01-2ac2_::::::::`	—
scalance_xrh334__24_v_dc__8xfo__cc___6gk5334-2ts01-2er3_ siemens	`cpe:2.3:a:siemens:scalance_xrh334__24_v_dc__8xfo__cc___6gk5334-2ts01-2er3_::::::::`	—
scalance_xrm334__230_v_ac__12xfo___6gk5334-3ts01-3ar3_ siemens	`cpe:2.3:a:siemens:scalance_xrm334__230_v_ac__12xfo___6gk5334-3ts01-3ar3_::::::::`	—
scalance_xrm334__230_v_ac__8xfo___6gk5334-2ts01-3ar3_ siemens	`cpe:2.3:a:siemens:scalance_xrm334__230_v_ac__8xfo___6gk5334-2ts01-3ar3_::::::::`	—
scalance_xrm334__24_v_dc__12xfo___6gk5334-3ts01-2ar3_ siemens	`cpe:2.3:a:siemens:scalance_xrm334__24_v_dc__12xfo___6gk5334-3ts01-2ar3_::::::::`	—
scalance_xrm334__24_v_dc__8xfo___6gk5334-2ts01-2ar3_ siemens	`cpe:2.3:a:siemens:scalance_xrm334__24_v_dc__8xfo___6gk5334-2ts01-2ar3_::::::::`	—
scalance_xrm334__2x230_v_ac__12xfo___6gk5334-3ts01-4ar3_ siemens	`cpe:2.3:a:siemens:scalance_xrm334__2x230_v_ac__12xfo___6gk5334-3ts01-4ar3_::::::::`	—
scalance_xrm334__2x230_v_ac__8xfo___6gk5334-2ts01-4ar3_ siemens	`cpe:2.3:a:siemens:scalance_xrm334__2x230_v_ac__8xfo___6gk5334-2ts01-4ar3_::::::::`	—

CVE-2023-30584

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-20 - Improper Input Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
sinec_nms siemens	`cpe:2.3:a:siemens:sinec_nms::::::::`	—

CVE-2023-32002

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-275 - -

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
sinec_nms siemens	`cpe:2.3:a:siemens:sinec_nms::::::::`	—

CVE-2023-32003

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
sinec_nms siemens	`cpe:2.3:a:siemens:sinec_nms::::::::`	—

CVE-2023-32004

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
sinec_nms siemens	`cpe:2.3:a:siemens:sinec_nms::::::::`	—

CVE-2023-32005

CWE-275 - -

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
sinec_nms siemens	`cpe:2.3:a:siemens:sinec_nms::::::::`	—

CVE-2023-32006

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-275 - -

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
sinec_nms siemens	`cpe:2.3:a:siemens:sinec_nms::::::::`	—

CVE-2023-32558

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
sinec_nms siemens	`cpe:2.3:a:siemens:sinec_nms::::::::`	—

CVE-2023-32559

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-275 - -

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
sinec_nms siemens	`cpe:2.3:a:siemens:sinec_nms::::::::`	—

CVE-2023-32736

7.3 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-502 - Deserialization of Untrusted Data

Affected products

Known affected 30 products

Product	Identifier	Version
simatic_s7-plcsim_v16 siemens	`cpe:2.3:a:siemens:simatic_s7-plcsim_v16::::::::`	—
simatic_s7-plcsim_v17 siemens	`cpe:2.3:a:siemens:simatic_s7-plcsim_v17::::::::`	—
simatic_step_7_safety_v16 siemens	`cpe:2.3:a:siemens:simatic_step_7_safety_v16::::::::`	—
simatic_step_7_safety_v17 siemens	`cpe:2.3:a:siemens:simatic_step_7_safety_v17::::::::`	—
simatic_step_7_safety_v18 siemens	`cpe:2.3:a:siemens:simatic_step_7_safety_v18::::::::`	—
simatic_step_7_v16 siemens	`cpe:2.3:a:siemens:simatic_step_7_v16::::::::`	—
simatic_step_7_v17 siemens	`cpe:2.3:a:siemens:simatic_step_7_v17::::::::`	—
simatic_step_7_v18 siemens	`cpe:2.3:a:siemens:simatic_step_7_v18::::::::`	—
simatic_wincc_unified_v16 siemens	`cpe:2.3:a:siemens:simatic_wincc_unified_v16::::::::`	—
simatic_wincc_unified_v17 siemens	`cpe:2.3:a:siemens:simatic_wincc_unified_v17::::::::`	—
simatic_wincc_unified_v18 siemens	`cpe:2.3:a:siemens:simatic_wincc_unified_v18::::::::`	—
simatic_wincc_v16 siemens	`cpe:2.3:a:siemens:simatic_wincc_v16::::::::`	—
simatic_wincc_v17 siemens	`cpe:2.3:a:siemens:simatic_wincc_v17::::::::`	—
simatic_wincc_v18 siemens	`cpe:2.3:a:siemens:simatic_wincc_v18::::::::`	—
simocode_es_v16 siemens	`cpe:2.3:a:siemens:simocode_es_v16::::::::`	—
simocode_es_v17 siemens	`cpe:2.3:a:siemens:simocode_es_v17::::::::`	—
simocode_es_v18 siemens	`cpe:2.3:a:siemens:simocode_es_v18::::::::`	—
simotion_scout_tia_v5.4_sp1 siemens	`cpe:2.3:a:siemens:simotion_scout_tia_v5.4_sp1::::::::`	—
simotion_scout_tia_v5.4_sp3 siemens	`cpe:2.3:a:siemens:simotion_scout_tia_v5.4_sp3::::::::`	—
simotion_scout_tia_v5.5_sp1 siemens	`cpe:2.3:a:siemens:simotion_scout_tia_v5.5_sp1::::::::`	—
sinamics_startdrive_v16 siemens	`cpe:2.3:a:siemens:sinamics_startdrive_v16::::::::`	—
sinamics_startdrive_v17 siemens	`cpe:2.3:a:siemens:sinamics_startdrive_v17::::::::`	—
sinamics_startdrive_v18 siemens	`cpe:2.3:a:siemens:sinamics_startdrive_v18::::::::`	—
sirius_safety_es_v17 siemens	`cpe:2.3:a:siemens:sirius_safety_es_v17::::::::`	—
sirius_safety_es_v18 siemens	`cpe:2.3:a:siemens:sirius_safety_es_v18::::::::`	—
sirius_soft_starter_es_v17 siemens	`cpe:2.3:a:siemens:sirius_soft_starter_es_v17::::::::`	—
sirius_soft_starter_es_v18 siemens	`cpe:2.3:a:siemens:sirius_soft_starter_es_v18::::::::`	—
tia_portal_cloud_v16 siemens	`cpe:2.3:a:siemens:tia_portal_cloud_v16::::::::`	—
tia_portal_cloud_v17 siemens	`cpe:2.3:a:siemens:tia_portal_cloud_v17::::::::`	—
tia_portal_cloud_v18 siemens	`cpe:2.3:a:siemens:tia_portal_cloud_v18::::::::`	—

CVE-2023-38552

CWE-354 - Improper Validation of Integrity Check Value

CVE-2023-38709

CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

CVE-2023-39331

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2023-39332

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2023-39333

CWE-94 - Improper Control of Generation of Code ('Code Injection')

CVE-2023-44487

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 8 products

Product	Identifier	Version
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_::::::::`	—
siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_ siemens	`cpe:2.3:a:siemens:siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_::::::::`	—
sinec_nms siemens	`cpe:2.3:a:siemens:sinec_nms::::::::`	—
ruggedcom_ape1808 siemens	`cpe:2.3:a:siemens:ruggedcom_ape1808::::::::`	—
st7_scadaconnect__6nh7997-5da10-0aa0_ siemens	`cpe:2.3:a:siemens:st7_scadaconnect__6nh7997-5da10-0aa0_::::::::`	—

CVE-2023-45143

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

CVE-2023-46218

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-201 - Insertion of Sensitive Information Into Sent Data

Affected products

Known affected 12 products

Product	Identifier	Version
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_::::::::`	—
siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_ siemens	`cpe:2.3:a:siemens:siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_::::::::`	—
simatic_rtls_locating_manager__6gt2780-0da00_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da00_::::::::`	—
simatic_rtls_locating_manager__6gt2780-0da10_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da10_::::::::`	—
simatic_rtls_locating_manager__6gt2780-0da20_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da20_::::::::`	—
simatic_rtls_locating_manager__6gt2780-0da30_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da30_::::::::`	—
simatic_rtls_locating_manager__6gt2780-1ea10_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-1ea10_::::::::`	—
simatic_rtls_locating_manager__6gt2780-1ea20_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-1ea20_::::::::`	—
simatic_rtls_locating_manager__6gt2780-1ea30_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-1ea30_::::::::`	—

CVE-2023-46219

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-311 - Missing Encryption of Sensitive Data

Affected products

Known affected 12 products

Product	Identifier	Version
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_::::::::`	—
siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_ siemens	`cpe:2.3:a:siemens:siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_::::::::`	—
simatic_rtls_locating_manager__6gt2780-0da00_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da00_::::::::`	—
simatic_rtls_locating_manager__6gt2780-0da10_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da10_::::::::`	—
simatic_rtls_locating_manager__6gt2780-0da20_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da20_::::::::`	—
simatic_rtls_locating_manager__6gt2780-0da30_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da30_::::::::`	—
simatic_rtls_locating_manager__6gt2780-1ea10_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-1ea10_::::::::`	—
simatic_rtls_locating_manager__6gt2780-1ea20_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-1ea20_::::::::`	—
simatic_rtls_locating_manager__6gt2780-1ea30_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-1ea30_::::::::`	—

CVE-2023-46280

6.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-125 - Out-of-bounds Read

Affected products

Known affected 77 products

Product	Identifier	Version
sinec_nms siemens	`cpe:2.3:a:siemens:sinec_nms:0:::::::*`	—
sinec_nms siemens	`cpe:2.3:a:siemens:sinec_nms::::::::`	—
sinumerik_plc_programming_tool siemens	`cpe:2.3:a:siemens:sinumerik_plc_programming_tool::::::::`	—
simatic_batch_v9.1 siemens	`cpe:2.3:a:siemens:simatic_batch_v9.1::::::::`	—
sinamics_startdrive siemens	`cpe:2.3:a:siemens:sinamics_startdrive::::::::`	—
simatic_wincc siemens	`cpe:2.3:a:siemens:simatic_wincc::::::::`	—
sinumerik_one_virtual siemens	`cpe:2.3:a:siemens:sinumerik_one_virtual::::::::`	—
simatic_wincc_runtime_professional siemens	`cpe:2.3:a:siemens:simatic_wincc_runtime_professional::::::::`	—
tia_portal_cloud_connector siemens	`cpe:2.3:a:siemens:tia_portal_cloud_connector::::::::`	—
simatic_wincc_runtime_advanced siemens	`cpe:2.3:a:siemens:simatic_wincc_runtime_advanced::::::::`	—
simatic_automation_tool siemens	`cpe:2.3:a:siemens:simatic_automation_tool:0:::::::*`	—
simatic_net_pc_software_v19 siemens	`cpe:2.3:a:siemens:simatic_net_pc_software_v19:0:::::::*`	—
simatic_wincc_unified_pc_runtime_v18 siemens	`cpe:2.3:a:siemens:simatic_wincc_unified_pc_runtime_v18:0:::::::*`	—
s7-pct siemens	`cpe:2.3:a:siemens:s7-pct::::::::`	—
security_configuration_tool__sct_ siemens	`cpe:2.3:a:siemens:security_configuration_tool__sct_::::::::`	—
simatic_net_pc_software_v16 siemens	`cpe:2.3:a:siemens:simatic_net_pc_software_v16::::::::`	—
simatic_net_pc_software_v17 siemens	`cpe:2.3:a:siemens:simatic_net_pc_software_v17::::::::`	—
simatic_net_pc_software_v18 siemens	`cpe:2.3:a:siemens:simatic_net_pc_software_v18::::::::`	—
simatic_net_pc_software_v19 siemens	`cpe:2.3:a:siemens:simatic_net_pc_software_v19::::::::`	—
simatic_pcs_7_v9.1 siemens	`cpe:2.3:a:siemens:simatic_pcs_7_v9.1::::::::`	—
simatic_pdm_v9.2 siemens	`cpe:2.3:a:siemens:simatic_pdm_v9.2::::::::`	—
simatic_route_control_v9.1 siemens	`cpe:2.3:a:siemens:simatic_route_control_v9.1::::::::`	—
simatic_step_7_v5 siemens	`cpe:2.3:a:siemens:simatic_step_7_v5::::::::`	—
simatic_wincc_oa_v3.17 siemens	`cpe:2.3:a:siemens:simatic_wincc_oa_v3.17::::::::`	—
simatic_wincc_oa_v3.18 siemens	`cpe:2.3:a:siemens:simatic_wincc_oa_v3.18::::::::`	—
simatic_wincc_oa_v3.19 siemens	`cpe:2.3:a:siemens:simatic_wincc_oa_v3.19::::::::`	—
simatic_wincc_runtime_professional_v16 siemens	`cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v16::::::::`	—
simatic_wincc_runtime_professional_v17 siemens	`cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v17::::::::`	—
simatic_wincc_runtime_professional_v18 siemens	`cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v18::::::::`	—
simatic_wincc_runtime_professional_v19 siemens	`cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v19::::::::`	—
simatic_wincc_unified_pc_runtime_v18 siemens	`cpe:2.3:a:siemens:simatic_wincc_unified_pc_runtime_v18::::::::`	—
simatic_wincc_v7.4 siemens	`cpe:2.3:a:siemens:simatic_wincc_v7.4::::::::`	—
simatic_wincc_v7.5 siemens	`cpe:2.3:a:siemens:simatic_wincc_v7.5::::::::`	—
simatic_wincc_v8.0 siemens	`cpe:2.3:a:siemens:simatic_wincc_v8.0::::::::`	—
totally_integrated_automation_portal__tia_portal__v15.1 siemens	`cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v15.1::::::::`	—
totally_integrated_automation_portal__tia_portal__v16 siemens	`cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v16::::::::`	—
totally_integrated_automation_portal__tia_portal__v17 siemens	`cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v17::::::::`	—
totally_integrated_automation_portal__tia_portal__v18 siemens	`cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v18::::::::`	—
totally_integrated_automation_portal__tia_portal__v19 siemens	`cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v19::::::::`	—
s7-pct siemens	`cpe:2.3:a:siemens:s7-pct:0:::::::*`	—
security_configuration_tool__sct_ siemens	`cpe:2.3:a:siemens:security_configuration_tool__sct_:0:::::::*`	—
simatic_automation_tool siemens	`cpe:2.3:a:siemens:simatic_automation_tool:all_versions:::::::*`	—
simatic_batch_v9.1 siemens	`cpe:2.3:a:siemens:simatic_batch_v9.1:0:::::::*`	—
simatic_net_pc_software siemens	`cpe:2.3:a:siemens:simatic_net_pc_software:0:::::::*`	—
simatic_pcs_7_v9.1 siemens	`cpe:2.3:a:siemens:simatic_pcs_7_v9.1:0:::::::*`	—
simatic_pdm_v9.2 siemens	`cpe:2.3:a:siemens:simatic_pdm_v9.2:0:::::::*`	—
simatic_route_control_v9.1 siemens	`cpe:2.3:a:siemens:simatic_route_control_v9.1:0:::::::*`	—
simatic_step_7_v5 siemens	`cpe:2.3:a:siemens:simatic_step_7_v5:0:::::::*`	—
simatic_wincc_oa_v3.17 siemens	`cpe:2.3:a:siemens:simatic_wincc_oa_v3.17:0:::::::*`	—
simatic_wincc_oa_v3.18 siemens	`cpe:2.3:a:siemens:simatic_wincc_oa_v3.18:0:::::::*`	—
simatic_wincc_oa_v3.19 siemens	`cpe:2.3:a:siemens:simatic_wincc_oa_v3.19:0:::::::*`	—
simatic_wincc_runtime_advanced siemens	`cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:0:::::::*`	—
simatic_wincc_runtime_professional_v16 siemens	`cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v16:0:::::::*`	—
simatic_wincc_runtime_professional_v17 siemens	`cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v17:0:::::::*`	—
simatic_wincc_runtime_professional_v18 siemens	`cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v18:0:::::::*`	—
simatic_wincc_runtime_professional_v19 siemens	`cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v19:0:::::::*`	—
simatic_wincc_unified_pc_runtime siemens	`cpe:2.3:a:siemens:simatic_wincc_unified_pc_runtime:0:::::::*`	—
simatic_wincc_v7.4 siemens	`cpe:2.3:a:siemens:simatic_wincc_v7.4:0:::::::*`	—
simatic_wincc_v7.5 siemens	`cpe:2.3:a:siemens:simatic_wincc_v7.5:0:::::::*`	—
simatic_wincc_v8.0 siemens	`cpe:2.3:a:siemens:simatic_wincc_v8.0:0:::::::*`	—
sinamics_startdrive siemens	`cpe:2.3:a:siemens:sinamics_startdrive:0:::::::*`	—
sinumerik_one_virtual siemens	`cpe:2.3:a:siemens:sinumerik_one_virtual:0:::::::*`	—
sinumerik_plc_programming_tool siemens	`cpe:2.3:a:siemens:sinumerik_plc_programming_tool:0:::::::*`	—
tia_portal_cloud_connector siemens	`cpe:2.3:a:siemens:tia_portal_cloud_connector:0:::::::*`	—
totally_integrated_automation_portal__tia_portal__v15.1 siemens	`cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v15.1:0:::::::*`	—
totally_integrated_automation_portal__tia_portal__v16 siemens	`cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v16:0:::::::*`	—
totally_integrated_automation_portal__tia_portal__v17 siemens	`cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v17:0:::::::*`	—
totally_integrated_automation_portal__tia_portal__v18 siemens	`cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v18:0:::::::*`	—
totally_integrated_automation_portal__tia_portal__v19 siemens	`cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v19:0:::::::*`	—
totally_integrated_automation_portal siemens	`cpe:2.3:a:siemens:totally_integrated_automation_portal:16:::::::*`	—
simatic_automation_tool siemens	`cpe:2.3:a:siemens:simatic_automation_tool::::::::`	—
totally_integrated_automation_portal siemens	`cpe:2.3:a:siemens:totally_integrated_automation_portal:19:::::::*`	—
totally_integrated_automation_portal siemens	`cpe:2.3:a:siemens:totally_integrated_automation_portal:18:::::::*`	—
totally_integrated_automation_portal siemens	`cpe:2.3:a:siemens:totally_integrated_automation_portal:17:::::::*`	—
simatic_net_pc_software_v16 siemens	`cpe:2.3:a:siemens:simatic_net_pc_software_v16:0:::::::*`	—
simatic_net_pc_software_v17 siemens	`cpe:2.3:a:siemens:simatic_net_pc_software_v17:0:::::::*`	—
simatic_net_pc_software_v18 siemens	`cpe:2.3:a:siemens:simatic_net_pc_software_v18:0:::::::*`	—

CVE-2023-46809

CWE-208 - Observable Timing Discrepancy

CVE-2023-47038

CWE-122 - Heap-based Buffer Overflow

CVE-2023-47039

CWE-122 - Heap-based Buffer Overflow

CVE-2023-47100

CVE-2023-48795

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-222 - Truncation of Security-relevant Information

Affected products

Known affected 7 products

Product	Identifier	Version
ruggedcom_ape1808 siemens	`cpe:2.3:a:siemens:ruggedcom_ape1808::::::::`	—
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_::::::::`	—
siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_ siemens	`cpe:2.3:a:siemens:siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_::::::::`	—
simatic_s7-1500_tm_mfp_-_gnu_linux_subsystem siemens	`cpe:2.3:a:siemens:simatic_s7-1500_tm_mfp_-_gnu_linux_subsystem::::::::`	—

CVE-2023-49441

CWE-190 - Integer Overflow or Wraparound

CVE-2023-50387

CWE-400 - Uncontrolled Resource Consumption

CVE-2023-50868

CWE-400 - Uncontrolled Resource Consumption

CVE-2023-52389

CWE-121 - Stack-based Buffer Overflow

CVE-2024-0232

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
simatic_s7-1500_tm_mfp_-_gnu_linux_subsystem siemens	`cpe:2.3:a:siemens:simatic_s7-1500_tm_mfp_-_gnu_linux_subsystem::::::::`	—

CVE-2024-0727

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
simatic_s7 siemens	`cpe:2.3:h:siemens:simatic_s7:1500:::::::*`	—
simatic_s7-1500_tm_mfp_-_gnu_linux_subsystem siemens	`cpe:2.3:a:siemens:simatic_s7-1500_tm_mfp_-_gnu_linux_subsystem::::::::`	—

CVE-2024-2004

5.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-319 - Cleartext Transmission of Sensitive Information

Affected products

Known affected 6 products

Product	Identifier	Version
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_::::::::`	—
siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_ siemens	`cpe:2.3:a:siemens:siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_::::::::`	—
sinema_remote_connect_client siemens	`cpe:2.3:a:siemens:sinema_remote_connect_client::::::::`	—

CVE-2024-2379

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-295 - Improper Certificate Validation

Affected products

Known affected 6 products

Product	Identifier	Version
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_::::::::`	—
siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_ siemens	`cpe:2.3:a:siemens:siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_::::::::`	—
sinema_remote_connect_client siemens	`cpe:2.3:a:siemens:sinema_remote_connect_client::::::::`	—

CVE-2024-2398

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

CWE-772 - Missing Release of Resource after Effective Lifetime

Affected products

Known affected 6 products

Product	Identifier	Version
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_::::::::`	—
siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_ siemens	`cpe:2.3:a:siemens:siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_::::::::`	—
sinema_remote_connect_client siemens	`cpe:2.3:a:siemens:sinema_remote_connect_client::::::::`	—

CVE-2024-2466

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N/E:P/RL:O/RC:C

CWE-295 - Improper Certificate Validation

Affected products

Known affected 6 products

Product	Identifier	Version
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_::::::::`	—
siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_ siemens	`cpe:2.3:a:siemens:siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_::::::::`	—
sinema_remote_connect_client siemens	`cpe:2.3:a:siemens:sinema_remote_connect_client::::::::`	—

CVE-2024-2511

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 6 products

Product	Identifier	Version
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_::::::::`	—
siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_ siemens	`cpe:2.3:a:siemens:siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_::::::::`	—
simatic_s7-1500_tm_mfp_-_gnu_linux_subsystem siemens	`cpe:2.3:a:siemens:simatic_s7-1500_tm_mfp_-_gnu_linux_subsystem::::::::`	—

CVE-2024-4603

CWE-606 - Unchecked Input for Loop Condition

CVE-2024-4741

CWE-416 - Use After Free

CVE-2024-5535

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 6 products

Product	Identifier	Version
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_::::::::`	—
siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_ siemens	`cpe:2.3:a:siemens:siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_::::::::`	—
simatic_s7-1500_tm_mfp_-_gnu_linux_subsystem siemens	`cpe:2.3:a:siemens:simatic_s7-1500_tm_mfp_-_gnu_linux_subsystem::::::::`	—

CVE-2024-5594

CVE-2024-21890

CWE-275 - -

CVE-2024-21891

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2024-21892

CWE-94 - Improper Control of Generation of Code ('Code Injection')

CVE-2024-21896

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2024-22017

CWE-271 - Privilege Dropping / Lowering Errors

CVE-2024-22019

CWE-400 - Uncontrolled Resource Consumption

CVE-2024-22025

CWE-400 - Uncontrolled Resource Consumption

CVE-2024-24758

CWE-942 - Permissive Cross-domain Policy with Untrusted Domains

CVE-2024-24795

CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

CVE-2024-24806

CWE-918 - Server-Side Request Forgery (SSRF)

CVE-2024-26306

CWE-310 - -

CVE-2024-26925

CWE-284 - Improper Access Control

CVE-2024-27316

CWE-400 - Uncontrolled Resource Consumption

CVE-2024-27980

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2024-27982

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVE-2024-27983

CWE-400 - Uncontrolled Resource Consumption

CVE-2024-28882

CWE-772 - Missing Release of Resource after Effective Lifetime

CVE-2024-29119

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-266 - Incorrect Privilege Assignment

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
spectrum_power_7 siemens	`cpe:2.3:a:siemens:spectrum_power_7::::::::`	—

CVE-2024-36140

6.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
ozw672 siemens	`cpe:2.3:a:siemens:ozw672::::::::`	—
ozw772 siemens	`cpe:2.3:a:siemens:ozw772::::::::`	—

CVE-2024-44102

10.0 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-502 - Deserialization of Untrusted Data

Affected products

Known affected 13 products

Product	Identifier	Version
pp_telecontrol_server_basic_1000_to_5000_v3.1 siemens	`cpe:2.3:a:siemens:pp_telecontrol_server_basic_1000_to_5000_v3.1::::::::`	—
pp_telecontrol_server_basic_256_to_1000_v3.1 siemens	`cpe:2.3:a:siemens:pp_telecontrol_server_basic_256_to_1000_v3.1::::::::`	—
pp_telecontrol_server_basic_32_to_64_v3.1 siemens	`cpe:2.3:a:siemens:pp_telecontrol_server_basic_32_to_64_v3.1::::::::`	—
pp_telecontrol_server_basic_64_to_256_v3.1 siemens	`cpe:2.3:a:siemens:pp_telecontrol_server_basic_64_to_256_v3.1::::::::`	—
pp_telecontrol_server_basic_8_to_32_v3.1 siemens	`cpe:2.3:a:siemens:pp_telecontrol_server_basic_8_to_32_v3.1::::::::`	—
telecontrol_server_basic_1000_v3.1 siemens	`cpe:2.3:a:siemens:telecontrol_server_basic_1000_v3.1::::::::`	—
telecontrol_server_basic_256_v3.1 siemens	`cpe:2.3:a:siemens:telecontrol_server_basic_256_v3.1::::::::`	—
telecontrol_server_basic_32_v3.1 siemens	`cpe:2.3:a:siemens:telecontrol_server_basic_32_v3.1::::::::`	—
telecontrol_server_basic_5000_v3.1 siemens	`cpe:2.3:a:siemens:telecontrol_server_basic_5000_v3.1::::::::`	—
telecontrol_server_basic_64_v3.1 siemens	`cpe:2.3:a:siemens:telecontrol_server_basic_64_v3.1::::::::`	—
telecontrol_server_basic_8_v3.1 siemens	`cpe:2.3:a:siemens:telecontrol_server_basic_8_v3.1::::::::`	—
telecontrol_server_basic_serv_upgr siemens	`cpe:2.3:a:siemens:telecontrol_server_basic_serv_upgr::::::::`	—
telecontrol_server_basic_upgr_v3.1 siemens	`cpe:2.3:a:siemens:telecontrol_server_basic_upgr_v3.1::::::::`	—

CVE-2024-46888

9.9 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
sinec_ins siemens	`cpe:2.3:a:siemens:sinec_ins::::::::`	—

CVE-2024-46889

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

CWE-321 - Use of Hard-coded Cryptographic Key

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
sinec_ins siemens	`cpe:2.3:a:siemens:sinec_ins::::::::`	—

CVE-2024-46890

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
sinec_ins siemens	`cpe:2.3:a:siemens:sinec_ins::::::::`	—

CVE-2024-46891

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
sinec_ins siemens	`cpe:2.3:a:siemens:sinec_ins::::::::`	—

CVE-2024-46892

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C

CWE-613 - Insufficient Session Expiration

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
sinec_ins siemens	`cpe:2.3:a:siemens:sinec_ins::::::::`	—

CVE-2024-46894

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
sinec_ins siemens	`cpe:2.3:a:siemens:sinec_ins::::::::`	—

CVE-2024-47783

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-732 - Incorrect Permission Assignment for Critical Resource

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
siport siemens	`cpe:2.3:a:siemens:siport::::::::`	—

CVE-2024-47808

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/E:P/RL:O/RC:C

CWE-732 - Incorrect Permission Assignment for Critical Resource

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
sinec_nms siemens	`cpe:2.3:a:siemens:sinec_nms::::::::`	—

CVE-2024-47940

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-125 - Out-of-bounds Read

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
solid_edge_se2024 siemens	`cpe:2.3:a:siemens:solid_edge_se2024::::::::`	—

CVE-2024-47941

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-125 - Out-of-bounds Read

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
solid_edge_se2024 siemens	`cpe:2.3:a:siemens:solid_edge_se2024::::::::`	—

CVE-2024-47942

7.3 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE-427 - Uncontrolled Search Path Element

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
solid_edge_se2024 siemens	`cpe:2.3:a:siemens:solid_edge_se2024::::::::`	—

CVE-2024-50310

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

CWE-863 - Incorrect Authorization

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
simatic_cp_1543-1_v4.0 siemens	`cpe:2.3:a:siemens:simatic_cp_1543-1_v4.0::::::::`	—

CVE-2024-50313

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Affected products

Known affected 5 products

Product	Identifier	Version
mendix_runtime_v10 siemens	`cpe:2.3:a:siemens:mendix_runtime_v10::::::::`	—
mendix_runtime_v10.12 siemens	`cpe:2.3:a:siemens:mendix_runtime_v10.12::::::::`	—
mendix_runtime_v10.6 siemens	`cpe:2.3:a:siemens:mendix_runtime_v10.6::::::::`	—
mendix_runtime_v8 siemens	`cpe:2.3:a:siemens:mendix_runtime_v8::::::::`	—
mendix_runtime_v9 siemens	`cpe:2.3:a:siemens:mendix_runtime_v9::::::::`	—

CVE-2024-50557

7.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-20 - Improper Input Validation

Affected products

Known affected 24 products

Product	Identifier	Version
ruggedcom_rm1224_lte_4g__eu siemens	`cpe:2.3:a:siemens:ruggedcom_rm1224_lte_4g__eu::::::::`	—
ruggedcom_rm1224_lte_4g__nam siemens	`cpe:2.3:a:siemens:ruggedcom_rm1224_lte_4g__nam::::::::`	—
scalance_m804pb siemens	`cpe:2.3:a:siemens:scalance_m804pb::::::::`	—
scalance_m812-1_adsl-router siemens	`cpe:2.3:a:siemens:scalance_m812-1_adsl-router::::::::`	—
scalance_m816-1_adsl-router siemens	`cpe:2.3:a:siemens:scalance_m816-1_adsl-router::::::::`	—
scalance_m826-2_shdsl-router siemens	`cpe:2.3:a:siemens:scalance_m826-2_shdsl-router::::::::`	—
scalance_m874-2 siemens	`cpe:2.3:a:siemens:scalance_m874-2::::::::`	—
scalance_m874-3 siemens	`cpe:2.3:a:siemens:scalance_m874-3::::::::`	—
scalance_m874-3_3g-router__cn_ siemens	`cpe:2.3:a:siemens:scalance_m874-3_3g-router__cn_::::::::`	—
scalance_m876-3 siemens	`cpe:2.3:a:siemens:scalance_m876-3::::::::`	—
scalance_m876-3__rok_ siemens	`cpe:2.3:a:siemens:scalance_m876-3__rok_::::::::`	—
scalance_m876-4 siemens	`cpe:2.3:a:siemens:scalance_m876-4::::::::`	—
scalance_m876-4__eu_ siemens	`cpe:2.3:a:siemens:scalance_m876-4__eu_::::::::`	—
scalance_m876-4__nam_ siemens	`cpe:2.3:a:siemens:scalance_m876-4__nam_::::::::`	—
scalance_mum853-1__a1_ siemens	`cpe:2.3:a:siemens:scalance_mum853-1__a1_::::::::`	—
scalance_mum853-1__b1_ siemens	`cpe:2.3:a:siemens:scalance_mum853-1__b1_::::::::`	—
scalance_mum853-1__eu_ siemens	`cpe:2.3:a:siemens:scalance_mum853-1__eu_::::::::`	—
scalance_mum856-1__a1_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__a1_::::::::`	—
scalance_mum856-1__b1_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__b1_::::::::`	—
scalance_mum856-1__cn_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__cn_::::::::`	—
scalance_mum856-1__eu_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__eu_::::::::`	—
scalance_mum856-1__row_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__row_::::::::`	—
scalance_s615_eec_lan-router siemens	`cpe:2.3:a:siemens:scalance_s615_eec_lan-router::::::::`	—
scalance_s615_lan-router siemens	`cpe:2.3:a:siemens:scalance_s615_lan-router::::::::`	—

CVE-2024-50558

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CWE-284 - Improper Access Control

Affected products

Known affected 24 products

Product	Identifier	Version
ruggedcom_rm1224_lte_4g__eu siemens	`cpe:2.3:a:siemens:ruggedcom_rm1224_lte_4g__eu::::::::`	—
ruggedcom_rm1224_lte_4g__nam siemens	`cpe:2.3:a:siemens:ruggedcom_rm1224_lte_4g__nam::::::::`	—
scalance_m804pb siemens	`cpe:2.3:a:siemens:scalance_m804pb::::::::`	—
scalance_m812-1_adsl-router siemens	`cpe:2.3:a:siemens:scalance_m812-1_adsl-router::::::::`	—
scalance_m816-1_adsl-router siemens	`cpe:2.3:a:siemens:scalance_m816-1_adsl-router::::::::`	—
scalance_m826-2_shdsl-router siemens	`cpe:2.3:a:siemens:scalance_m826-2_shdsl-router::::::::`	—
scalance_m874-2 siemens	`cpe:2.3:a:siemens:scalance_m874-2::::::::`	—
scalance_m874-3 siemens	`cpe:2.3:a:siemens:scalance_m874-3::::::::`	—
scalance_m874-3_3g-router__cn_ siemens	`cpe:2.3:a:siemens:scalance_m874-3_3g-router__cn_::::::::`	—
scalance_m876-3 siemens	`cpe:2.3:a:siemens:scalance_m876-3::::::::`	—
scalance_m876-3__rok_ siemens	`cpe:2.3:a:siemens:scalance_m876-3__rok_::::::::`	—
scalance_m876-4 siemens	`cpe:2.3:a:siemens:scalance_m876-4::::::::`	—
scalance_m876-4__eu_ siemens	`cpe:2.3:a:siemens:scalance_m876-4__eu_::::::::`	—
scalance_m876-4__nam_ siemens	`cpe:2.3:a:siemens:scalance_m876-4__nam_::::::::`	—
scalance_mum853-1__a1_ siemens	`cpe:2.3:a:siemens:scalance_mum853-1__a1_::::::::`	—
scalance_mum853-1__b1_ siemens	`cpe:2.3:a:siemens:scalance_mum853-1__b1_::::::::`	—
scalance_mum853-1__eu_ siemens	`cpe:2.3:a:siemens:scalance_mum853-1__eu_::::::::`	—
scalance_mum856-1__a1_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__a1_::::::::`	—
scalance_mum856-1__b1_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__b1_::::::::`	—
scalance_mum856-1__cn_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__cn_::::::::`	—
scalance_mum856-1__eu_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__eu_::::::::`	—
scalance_mum856-1__row_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__row_::::::::`	—
scalance_s615_eec_lan-router siemens	`cpe:2.3:a:siemens:scalance_s615_eec_lan-router::::::::`	—
scalance_s615_lan-router siemens	`cpe:2.3:a:siemens:scalance_s615_lan-router::::::::`	—

CVE-2024-50559

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Known affected 24 products

Product	Identifier	Version
ruggedcom_rm1224_lte_4g__eu siemens	`cpe:2.3:a:siemens:ruggedcom_rm1224_lte_4g__eu::::::::`	—
ruggedcom_rm1224_lte_4g__nam siemens	`cpe:2.3:a:siemens:ruggedcom_rm1224_lte_4g__nam::::::::`	—
scalance_m804pb siemens	`cpe:2.3:a:siemens:scalance_m804pb::::::::`	—
scalance_m812-1_adsl-router siemens	`cpe:2.3:a:siemens:scalance_m812-1_adsl-router::::::::`	—
scalance_m816-1_adsl-router siemens	`cpe:2.3:a:siemens:scalance_m816-1_adsl-router::::::::`	—
scalance_m826-2_shdsl-router siemens	`cpe:2.3:a:siemens:scalance_m826-2_shdsl-router::::::::`	—
scalance_m874-2 siemens	`cpe:2.3:a:siemens:scalance_m874-2::::::::`	—
scalance_m874-3 siemens	`cpe:2.3:a:siemens:scalance_m874-3::::::::`	—
scalance_m874-3_3g-router__cn_ siemens	`cpe:2.3:a:siemens:scalance_m874-3_3g-router__cn_::::::::`	—
scalance_m876-3 siemens	`cpe:2.3:a:siemens:scalance_m876-3::::::::`	—
scalance_m876-3__rok_ siemens	`cpe:2.3:a:siemens:scalance_m876-3__rok_::::::::`	—
scalance_m876-4 siemens	`cpe:2.3:a:siemens:scalance_m876-4::::::::`	—
scalance_m876-4__eu_ siemens	`cpe:2.3:a:siemens:scalance_m876-4__eu_::::::::`	—
scalance_m876-4__nam_ siemens	`cpe:2.3:a:siemens:scalance_m876-4__nam_::::::::`	—
scalance_mum853-1__a1_ siemens	`cpe:2.3:a:siemens:scalance_mum853-1__a1_::::::::`	—
scalance_mum853-1__b1_ siemens	`cpe:2.3:a:siemens:scalance_mum853-1__b1_::::::::`	—
scalance_mum853-1__eu_ siemens	`cpe:2.3:a:siemens:scalance_mum853-1__eu_::::::::`	—
scalance_mum856-1__a1_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__a1_::::::::`	—
scalance_mum856-1__b1_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__b1_::::::::`	—
scalance_mum856-1__cn_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__cn_::::::::`	—
scalance_mum856-1__eu_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__eu_::::::::`	—
scalance_mum856-1__row_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__row_::::::::`	—
scalance_s615_eec_lan-router siemens	`cpe:2.3:a:siemens:scalance_s615_eec_lan-router::::::::`	—
scalance_s615_lan-router siemens	`cpe:2.3:a:siemens:scalance_s615_lan-router::::::::`	—

CVE-2024-50560

3.1 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE-20 - Improper Input Validation

Affected products

Known affected 24 products

Product	Identifier	Version
ruggedcom_rm1224_lte_4g__eu siemens	`cpe:2.3:a:siemens:ruggedcom_rm1224_lte_4g__eu::::::::`	—
ruggedcom_rm1224_lte_4g__nam siemens	`cpe:2.3:a:siemens:ruggedcom_rm1224_lte_4g__nam::::::::`	—
scalance_m804pb siemens	`cpe:2.3:a:siemens:scalance_m804pb::::::::`	—
scalance_m812-1_adsl-router siemens	`cpe:2.3:a:siemens:scalance_m812-1_adsl-router::::::::`	—
scalance_m816-1_adsl-router siemens	`cpe:2.3:a:siemens:scalance_m816-1_adsl-router::::::::`	—
scalance_m826-2_shdsl-router siemens	`cpe:2.3:a:siemens:scalance_m826-2_shdsl-router::::::::`	—
scalance_m874-2 siemens	`cpe:2.3:a:siemens:scalance_m874-2::::::::`	—
scalance_m874-3 siemens	`cpe:2.3:a:siemens:scalance_m874-3::::::::`	—
scalance_m874-3_3g-router__cn_ siemens	`cpe:2.3:a:siemens:scalance_m874-3_3g-router__cn_::::::::`	—
scalance_m876-3 siemens	`cpe:2.3:a:siemens:scalance_m876-3::::::::`	—
scalance_m876-3__rok_ siemens	`cpe:2.3:a:siemens:scalance_m876-3__rok_::::::::`	—
scalance_m876-4 siemens	`cpe:2.3:a:siemens:scalance_m876-4::::::::`	—
scalance_m876-4__eu_ siemens	`cpe:2.3:a:siemens:scalance_m876-4__eu_::::::::`	—
scalance_m876-4__nam_ siemens	`cpe:2.3:a:siemens:scalance_m876-4__nam_::::::::`	—
scalance_mum853-1__a1_ siemens	`cpe:2.3:a:siemens:scalance_mum853-1__a1_::::::::`	—
scalance_mum853-1__b1_ siemens	`cpe:2.3:a:siemens:scalance_mum853-1__b1_::::::::`	—
scalance_mum853-1__eu_ siemens	`cpe:2.3:a:siemens:scalance_mum853-1__eu_::::::::`	—
scalance_mum856-1__a1_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__a1_::::::::`	—
scalance_mum856-1__b1_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__b1_::::::::`	—
scalance_mum856-1__cn_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__cn_::::::::`	—
scalance_mum856-1__eu_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__eu_::::::::`	—
scalance_mum856-1__row_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__row_::::::::`	—
scalance_s615_eec_lan-router siemens	`cpe:2.3:a:siemens:scalance_s615_eec_lan-router::::::::`	—
scalance_s615_lan-router siemens	`cpe:2.3:a:siemens:scalance_s615_lan-router::::::::`	—

CVE-2024-50561

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Known affected 24 products

Product	Identifier	Version
ruggedcom_rm1224_lte_4g__eu siemens	`cpe:2.3:a:siemens:ruggedcom_rm1224_lte_4g__eu::::::::`	—
ruggedcom_rm1224_lte_4g__nam siemens	`cpe:2.3:a:siemens:ruggedcom_rm1224_lte_4g__nam::::::::`	—
scalance_m804pb siemens	`cpe:2.3:a:siemens:scalance_m804pb::::::::`	—
scalance_m812-1_adsl-router siemens	`cpe:2.3:a:siemens:scalance_m812-1_adsl-router::::::::`	—
scalance_m816-1_adsl-router siemens	`cpe:2.3:a:siemens:scalance_m816-1_adsl-router::::::::`	—
scalance_m826-2_shdsl-router siemens	`cpe:2.3:a:siemens:scalance_m826-2_shdsl-router::::::::`	—
scalance_m874-2 siemens	`cpe:2.3:a:siemens:scalance_m874-2::::::::`	—
scalance_m874-3 siemens	`cpe:2.3:a:siemens:scalance_m874-3::::::::`	—
scalance_m874-3_3g-router__cn_ siemens	`cpe:2.3:a:siemens:scalance_m874-3_3g-router__cn_::::::::`	—
scalance_m876-3 siemens	`cpe:2.3:a:siemens:scalance_m876-3::::::::`	—
scalance_m876-3__rok_ siemens	`cpe:2.3:a:siemens:scalance_m876-3__rok_::::::::`	—
scalance_m876-4 siemens	`cpe:2.3:a:siemens:scalance_m876-4::::::::`	—
scalance_m876-4__eu_ siemens	`cpe:2.3:a:siemens:scalance_m876-4__eu_::::::::`	—
scalance_m876-4__nam_ siemens	`cpe:2.3:a:siemens:scalance_m876-4__nam_::::::::`	—
scalance_mum853-1__a1_ siemens	`cpe:2.3:a:siemens:scalance_mum853-1__a1_::::::::`	—
scalance_mum853-1__b1_ siemens	`cpe:2.3:a:siemens:scalance_mum853-1__b1_::::::::`	—
scalance_mum853-1__eu_ siemens	`cpe:2.3:a:siemens:scalance_mum853-1__eu_::::::::`	—
scalance_mum856-1__a1_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__a1_::::::::`	—
scalance_mum856-1__b1_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__b1_::::::::`	—
scalance_mum856-1__cn_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__cn_::::::::`	—
scalance_mum856-1__eu_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__eu_::::::::`	—
scalance_mum856-1__row_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__row_::::::::`	—
scalance_s615_eec_lan-router siemens	`cpe:2.3:a:siemens:scalance_s615_eec_lan-router::::::::`	—
scalance_s615_lan-router siemens	`cpe:2.3:a:siemens:scalance_s615_lan-router::::::::`	—

CVE-2024-50572

7.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Affected products

Known affected 24 products

Product	Identifier	Version
ruggedcom_rm1224_lte_4g__eu siemens	`cpe:2.3:a:siemens:ruggedcom_rm1224_lte_4g__eu::::::::`	—
ruggedcom_rm1224_lte_4g__nam siemens	`cpe:2.3:a:siemens:ruggedcom_rm1224_lte_4g__nam::::::::`	—
scalance_m804pb siemens	`cpe:2.3:a:siemens:scalance_m804pb::::::::`	—
scalance_m812-1_adsl-router siemens	`cpe:2.3:a:siemens:scalance_m812-1_adsl-router::::::::`	—
scalance_m816-1_adsl-router siemens	`cpe:2.3:a:siemens:scalance_m816-1_adsl-router::::::::`	—
scalance_m826-2_shdsl-router siemens	`cpe:2.3:a:siemens:scalance_m826-2_shdsl-router::::::::`	—
scalance_m874-2 siemens	`cpe:2.3:a:siemens:scalance_m874-2::::::::`	—
scalance_m874-3 siemens	`cpe:2.3:a:siemens:scalance_m874-3::::::::`	—
scalance_m874-3_3g-router__cn_ siemens	`cpe:2.3:a:siemens:scalance_m874-3_3g-router__cn_::::::::`	—
scalance_m876-3 siemens	`cpe:2.3:a:siemens:scalance_m876-3::::::::`	—
scalance_m876-3__rok_ siemens	`cpe:2.3:a:siemens:scalance_m876-3__rok_::::::::`	—
scalance_m876-4 siemens	`cpe:2.3:a:siemens:scalance_m876-4::::::::`	—
scalance_m876-4__eu_ siemens	`cpe:2.3:a:siemens:scalance_m876-4__eu_::::::::`	—
scalance_m876-4__nam_ siemens	`cpe:2.3:a:siemens:scalance_m876-4__nam_::::::::`	—
scalance_mum853-1__a1_ siemens	`cpe:2.3:a:siemens:scalance_mum853-1__a1_::::::::`	—
scalance_mum853-1__b1_ siemens	`cpe:2.3:a:siemens:scalance_mum853-1__b1_::::::::`	—
scalance_mum853-1__eu_ siemens	`cpe:2.3:a:siemens:scalance_mum853-1__eu_::::::::`	—
scalance_mum856-1__a1_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__a1_::::::::`	—
scalance_mum856-1__b1_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__b1_::::::::`	—
scalance_mum856-1__cn_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__cn_::::::::`	—
scalance_mum856-1__eu_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__eu_::::::::`	—
scalance_mum856-1__row_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__row_::::::::`	—
scalance_s615_eec_lan-router siemens	`cpe:2.3:a:siemens:scalance_s615_eec_lan-router::::::::`	—
scalance_s615_lan-router siemens	`cpe:2.3:a:siemens:scalance_s615_lan-router::::::::`	—

References

108 references

URL	Category
https://cert-portal.siemens.com/productcert/pdf/s…	external
https://cert-portal.siemens.com/productcert/pdf/s…	external
https://cert-portal.siemens.com/productcert/pdf/s…	external
https://cert-portal.siemens.com/productcert/pdf/s…	external
https://cert-portal.siemens.com/productcert/pdf/s…	external
https://cert-portal.siemens.com/productcert/pdf/s…	external
https://cert-portal.siemens.com/productcert/pdf/s…	external
https://cert-portal.siemens.com/productcert/pdf/s…	external
https://cert-portal.siemens.com/productcert/pdf/s…	external
https://cert-portal.siemens.com/productcert/pdf/s…	external
https://cert-portal.siemens.com/productcert/pdf/s…	external
https://cert-portal.siemens.com/productcert/pdf/s…	external
https://api.ncsc.nl/velma/v1/vulnerabilities/2021…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Siemens heeft kwetsbaarheden verholpen in diverse producten als Mendix, RUGGEDCOM, SCALANCE, SIMATIC en SINEC.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Cross-Site-Scripting (XSS)\n- Manipulatie van gegevens\n- Omzeilen van een beveiligingsmaatregel\n- Omzeilen van authenticatie\n- (Remote) code execution (Administrator/Root rechten)\n- (Remote) code execution (Gebruikersrechten)\n- Toegang tot systeemgegevens\n- Verhoogde gebruikersrechten\n\nDe kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico\u0027s zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Unchecked Input for Loop Condition",
        "title": "CWE-606"
      },
      {
        "category": "general",
        "text": "Use of a Cryptographic Primitive with a Risky Implementation",
        "title": "CWE-1240"
      },
      {
        "category": "general",
        "text": "Misinterpretation of Input",
        "title": "CWE-115"
      },
      {
        "category": "general",
        "text": "Insufficient Technical Documentation",
        "title": "CWE-1059"
      },
      {
        "category": "general",
        "text": "Improperly Controlled Sequential Memory Allocation",
        "title": "CWE-1325"
      },
      {
        "category": "general",
        "text": "Truncation of Security-relevant Information",
        "title": "CWE-222"
      },
      {
        "category": "general",
        "text": "CWE-310",
        "title": "CWE-310"
      },
      {
        "category": "general",
        "text": "Use of Weak Hash",
        "title": "CWE-328"
      },
      {
        "category": "general",
        "text": "Improper Validation of Specified Quantity in Input",
        "title": "CWE-1284"
      },
      {
        "category": "general",
        "text": "Exposure of Sensitive Information Due to Incompatible Policies",
        "title": "CWE-213"
      },
      {
        "category": "general",
        "text": "Policy Privileges are not Assigned Consistently Between Control and Data Agents",
        "title": "CWE-1268"
      },
      {
        "category": "general",
        "text": "Incorrect Provision of Specified Functionality",
        "title": "CWE-684"
      },
      {
        "category": "general",
        "text": "Missing Release of Resource after Effective Lifetime",
        "title": "CWE-772"
      },
      {
        "category": "general",
        "text": "Observable Timing Discrepancy",
        "title": "CWE-208"
      },
      {
        "category": "general",
        "text": "Insertion of Sensitive Information Into Sent Data",
        "title": "CWE-201"
      },
      {
        "category": "general",
        "text": "Excessive Iteration",
        "title": "CWE-834"
      },
      {
        "category": "general",
        "text": "Incorrect Privilege Assignment",
        "title": "CWE-266"
      },
      {
        "category": "general",
        "text": "Permissive Cross-domain Policy with Untrusted Domains",
        "title": "CWE-942"
      },
      {
        "category": "general",
        "text": "Privilege Dropping / Lowering Errors",
        "title": "CWE-271"
      },
      {
        "category": "general",
        "text": "Incorrect Permission Assignment for Critical Resource",
        "title": "CWE-732"
      },
      {
        "category": "general",
        "text": "Improper Locking",
        "title": "CWE-667"
      },
      {
        "category": "general",
        "text": "Expected Behavior Violation",
        "title": "CWE-440"
      },
      {
        "category": "general",
        "text": "Improper Validation of Certificate with Host Mismatch",
        "title": "CWE-297"
      },
      {
        "category": "general",
        "text": "Missing Encryption of Sensitive Data",
        "title": "CWE-311"
      },
      {
        "category": "general",
        "text": "Improper Check for Unusual or Exceptional Conditions",
        "title": "CWE-754"
      },
      {
        "category": "general",
        "text": "Reachable Assertion",
        "title": "CWE-617"
      },
      {
        "category": "general",
        "text": "Uncontrolled Search Path Element",
        "title": "CWE-427"
      },
      {
        "category": "general",
        "text": "Cleartext Transmission of Sensitive Information",
        "title": "CWE-319"
      },
      {
        "category": "general",
        "text": "Insufficient Session Expiration",
        "title": "CWE-613"
      },
      {
        "category": "general",
        "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
        "title": "CWE-444"
      },
      {
        "category": "general",
        "text": "Observable Discrepancy",
        "title": "CWE-203"
      },
      {
        "category": "general",
        "text": "Improper Validation of Integrity Check Value",
        "title": "CWE-354"
      },
      {
        "category": "general",
        "text": "Missing Cryptographic Step",
        "title": "CWE-325"
      },
      {
        "category": "general",
        "text": "Integer Overflow or Wraparound",
        "title": "CWE-190"
      },
      {
        "category": "general",
        "text": "Use of Hard-coded Cryptographic Key",
        "title": "CWE-321"
      },
      {
        "category": "general",
        "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
        "title": "CWE-362"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Read",
        "title": "CWE-125"
      },
      {
        "category": "general",
        "text": "Improper Resource Shutdown or Release",
        "title": "CWE-404"
      },
      {
        "category": "general",
        "text": "CWE-275",
        "title": "CWE-275"
      },
      {
        "category": "general",
        "text": "Improper Access Control",
        "title": "CWE-284"
      },
      {
        "category": "general",
        "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
        "title": "CWE-119"
      },
      {
        "category": "general",
        "text": "Inefficient Regular Expression Complexity",
        "title": "CWE-1333"
      },
      {
        "category": "general",
        "text": "Use After Free",
        "title": "CWE-416"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)",
        "title": "CWE-113"
      },
      {
        "category": "general",
        "text": "Missing Release of Memory after Effective Lifetime",
        "title": "CWE-401"
      },
      {
        "category": "general",
        "text": "NULL Pointer Dereference",
        "title": "CWE-476"
      },
      {
        "category": "general",
        "text": "Improper Certificate Validation",
        "title": "CWE-295"
      },
      {
        "category": "general",
        "text": "Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)",
        "title": "CWE-757"
      },
      {
        "category": "general",
        "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
        "title": "CWE-94"
      },
      {
        "category": "general",
        "text": "Use of a Broken or Risky Cryptographic Algorithm",
        "title": "CWE-327"
      },
      {
        "category": "general",
        "text": "Interpretation Conflict",
        "title": "CWE-436"
      },
      {
        "category": "general",
        "text": "Uncontrolled Resource Consumption",
        "title": "CWE-400"
      },
      {
        "category": "general",
        "text": "Allocation of Resources Without Limits or Throttling",
        "title": "CWE-770"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
        "title": "CWE-74"
      },
      {
        "category": "general",
        "text": "Deserialization of Untrusted Data",
        "title": "CWE-502"
      },
      {
        "category": "general",
        "text": "Server-Side Request Forgery (SSRF)",
        "title": "CWE-918"
      },
      {
        "category": "general",
        "text": "Incorrect Authorization",
        "title": "CWE-863"
      },
      {
        "category": "general",
        "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
        "title": "CWE-22"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
        "title": "CWE-78"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Write",
        "title": "CWE-787"
      },
      {
        "category": "general",
        "text": "Exposure of Sensitive Information to an Unauthorized Actor",
        "title": "CWE-200"
      },
      {
        "category": "general",
        "text": "Heap-based Buffer Overflow",
        "title": "CWE-122"
      },
      {
        "category": "general",
        "text": "Stack-based Buffer Overflow",
        "title": "CWE-121"
      },
      {
        "category": "general",
        "text": "Memory Allocation with Excessive Size Value",
        "title": "CWE-789"
      },
      {
        "category": "general",
        "text": "Improper Privilege Management",
        "title": "CWE-269"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Improper Authentication",
        "title": "CWE-287"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
        "title": "CWE-79"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-000297.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-064257.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-230445.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-331112.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-351178.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-354112.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-454789.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616032.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-654798.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-871035.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-914892.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-915275.pdf"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Siemens producten",
    "tracking": {
      "current_release_date": "2024-11-12T14:19:20.051128Z",
      "id": "NCSC-2024-0433",
      "initial_release_date": "2024-11-12T14:19:20.051128Z",
      "revision_history": [
        {
          "date": "2024-11-12T14:19:20.051128Z",
          "number": "0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "mendix_runtime_v10.12",
            "product": {
              "name": "mendix_runtime_v10.12",
              "product_id": "CSAFPID-1637623",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:mendix_runtime_v10.12:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "mendix_runtime_v10.6",
            "product": {
              "name": "mendix_runtime_v10.6",
              "product_id": "CSAFPID-1637624",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:mendix_runtime_v10.6:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "mendix_runtime_v10",
            "product": {
              "name": "mendix_runtime_v10",
              "product_id": "CSAFPID-1637622",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:mendix_runtime_v10:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "mendix_runtime_v8",
            "product": {
              "name": "mendix_runtime_v8",
              "product_id": "CSAFPID-1637625",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:mendix_runtime_v8:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "mendix_runtime_v9",
            "product": {
              "name": "mendix_runtime_v9",
              "product_id": "CSAFPID-1637626",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:mendix_runtime_v9:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "ozw672",
            "product": {
              "name": "ozw672",
              "product_id": "CSAFPID-1712832",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:ozw672:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "ozw772",
            "product": {
              "name": "ozw772",
              "product_id": "CSAFPID-1712833",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:ozw772:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "pp_telecontrol_server_basic_1000_to_5000_v3.1",
            "product": {
              "name": "pp_telecontrol_server_basic_1000_to_5000_v3.1",
              "product_id": "CSAFPID-1712834",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:pp_telecontrol_server_basic_1000_to_5000_v3.1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "pp_telecontrol_server_basic_256_to_1000_v3.1",
            "product": {
              "name": "pp_telecontrol_server_basic_256_to_1000_v3.1",
              "product_id": "CSAFPID-1712835",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:pp_telecontrol_server_basic_256_to_1000_v3.1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "pp_telecontrol_server_basic_32_to_64_v3.1",
            "product": {
              "name": "pp_telecontrol_server_basic_32_to_64_v3.1",
              "product_id": "CSAFPID-1712836",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:pp_telecontrol_server_basic_32_to_64_v3.1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "pp_telecontrol_server_basic_64_to_256_v3.1",
            "product": {
              "name": "pp_telecontrol_server_basic_64_to_256_v3.1",
              "product_id": "CSAFPID-1712837",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:pp_telecontrol_server_basic_64_to_256_v3.1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "pp_telecontrol_server_basic_8_to_32_v3.1",
            "product": {
              "name": "pp_telecontrol_server_basic_8_to_32_v3.1",
              "product_id": "CSAFPID-1712838",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:pp_telecontrol_server_basic_8_to_32_v3.1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "ruggedcom_ape1808",
            "product": {
              "name": "ruggedcom_ape1808",
              "product_id": "CSAFPID-1615259",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:ruggedcom_ape1808:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "ruggedcom_rm1224_lte_4g__eu",
            "product": {
              "name": "ruggedcom_rm1224_lte_4g__eu",
              "product_id": "CSAFPID-1702670",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:ruggedcom_rm1224_lte_4g__eu:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "ruggedcom_rm1224_lte_4g__nam",
            "product": {
              "name": "ruggedcom_rm1224_lte_4g__nam",
              "product_id": "CSAFPID-1702671",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:ruggedcom_rm1224_lte_4g__nam:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "s7-pct",
            "product": {
              "name": "s7-pct",
              "product_id": "CSAFPID-1637909",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:s7-pct:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "s7-pct",
            "product": {
              "name": "s7-pct",
              "product_id": "CSAFPID-1470060",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:s7-pct:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "s7_port_configuration_tool",
            "product": {
              "name": "s7_port_configuration_tool",
              "product_id": "CSAFPID-1472074",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:s7_port_configuration_tool:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_m804pb",
            "product": {
              "name": "scalance_m804pb",
              "product_id": "CSAFPID-1702672",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_m804pb:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_m812-1_adsl-router",
            "product": {
              "name": "scalance_m812-1_adsl-router",
              "product_id": "CSAFPID-1712749",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_m812-1_adsl-router:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_m816-1_adsl-router",
            "product": {
              "name": "scalance_m816-1_adsl-router",
              "product_id": "CSAFPID-1712750",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_m816-1_adsl-router:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_m826-2_shdsl-router",
            "product": {
              "name": "scalance_m826-2_shdsl-router",
              "product_id": "CSAFPID-1702677",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_m826-2_shdsl-router:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_m874-2",
            "product": {
              "name": "scalance_m874-2",
              "product_id": "CSAFPID-1702678",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_m874-2:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_m874-3",
            "product": {
              "name": "scalance_m874-3",
              "product_id": "CSAFPID-1702679",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_m874-3:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_m874-3_3g-router__cn_",
            "product": {
              "name": "scalance_m874-3_3g-router__cn_",
              "product_id": "CSAFPID-1712751",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_m874-3_3g-router__cn_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_m876-3",
            "product": {
              "name": "scalance_m876-3",
              "product_id": "CSAFPID-1712752",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_m876-3:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_m876-3__rok_",
            "product": {
              "name": "scalance_m876-3__rok_",
              "product_id": "CSAFPID-1702681",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_m876-3__rok_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_m876-4",
            "product": {
              "name": "scalance_m876-4",
              "product_id": "CSAFPID-1712753",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_m876-4:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_m876-4__eu_",
            "product": {
              "name": "scalance_m876-4__eu_",
              "product_id": "CSAFPID-1702682",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_m876-4__eu_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_m876-4__nam_",
            "product": {
              "name": "scalance_m876-4__nam_",
              "product_id": "CSAFPID-1702683",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_m876-4__nam_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_mum853-1__a1_",
            "product": {
              "name": "scalance_mum853-1__a1_",
              "product_id": "CSAFPID-1712754",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_mum853-1__a1_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_mum853-1__b1_",
            "product": {
              "name": "scalance_mum853-1__b1_",
              "product_id": "CSAFPID-1712755",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_mum853-1__b1_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_mum853-1__eu_",
            "product": {
              "name": "scalance_mum853-1__eu_",
              "product_id": "CSAFPID-1712756",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_mum853-1__eu_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_mum856-1__a1_",
            "product": {
              "name": "scalance_mum856-1__a1_",
              "product_id": "CSAFPID-1712757",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_mum856-1__a1_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_mum856-1__b1_",
            "product": {
              "name": "scalance_mum856-1__b1_",
              "product_id": "CSAFPID-1712758",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_mum856-1__b1_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_mum856-1__cn_",
            "product": {
              "name": "scalance_mum856-1__cn_",
              "product_id": "CSAFPID-1712759",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_mum856-1__cn_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_mum856-1__eu_",
            "product": {
              "name": "scalance_mum856-1__eu_",
              "product_id": "CSAFPID-1702684",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_mum856-1__eu_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_mum856-1__row_",
            "product": {
              "name": "scalance_mum856-1__row_",
              "product_id": "CSAFPID-1702685",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_mum856-1__row_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_s615_eec_lan-router",
            "product": {
              "name": "scalance_s615_eec_lan-router",
              "product_id": "CSAFPID-1712760",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_s615_eec_lan-router:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_s615_lan-router",
            "product": {
              "name": "scalance_s615_lan-router",
              "product_id": "CSAFPID-1712761",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_s615_lan-router:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_xch328__6gk5328-4ts01-2ec2_",
            "product": {
              "name": "scalance_xch328__6gk5328-4ts01-2ec2_",
              "product_id": "CSAFPID-1613504",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_xch328__6gk5328-4ts01-2ec2_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_xcm324__6gk5324-8ts01-2ac2_",
            "product": {
              "name": "scalance_xcm324__6gk5324-8ts01-2ac2_",
              "product_id": "CSAFPID-1613505",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_xcm324__6gk5324-8ts01-2ac2_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_xcm328__6gk5328-4ts01-2ac2_",
            "product": {
              "name": "scalance_xcm328__6gk5328-4ts01-2ac2_",
              "product_id": "CSAFPID-1613506",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_xcm328__6gk5328-4ts01-2ac2_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_xcm332__6gk5332-0ga01-2ac2_",
            "product": {
              "name": "scalance_xcm332__6gk5332-0ga01-2ac2_",
              "product_id": "CSAFPID-1613507",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_xcm332__6gk5332-0ga01-2ac2_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_xrh334__24_v_dc__8xfo__cc___6gk5334-2ts01-2er3_",
            "product": {
              "name": "scalance_xrh334__24_v_dc__8xfo__cc___6gk5334-2ts01-2er3_",
              "product_id": "CSAFPID-1613592",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_xrh334__24_v_dc__8xfo__cc___6gk5334-2ts01-2er3_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_xrm334__230_v_ac__12xfo___6gk5334-3ts01-3ar3_",
            "product": {
              "name": "scalance_xrm334__230_v_ac__12xfo___6gk5334-3ts01-3ar3_",
              "product_id": "CSAFPID-1613593",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_xrm334__230_v_ac__12xfo___6gk5334-3ts01-3ar3_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_xrm334__230_v_ac__8xfo___6gk5334-2ts01-3ar3_",
            "product": {
              "name": "scalance_xrm334__230_v_ac__8xfo___6gk5334-2ts01-3ar3_",
              "product_id": "CSAFPID-1613594",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_xrm334__230_v_ac__8xfo___6gk5334-2ts01-3ar3_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_xrm334__24_v_dc__12xfo___6gk5334-3ts01-2ar3_",
            "product": {
              "name": "scalance_xrm334__24_v_dc__12xfo___6gk5334-3ts01-2ar3_",
              "product_id": "CSAFPID-1613595",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_xrm334__24_v_dc__12xfo___6gk5334-3ts01-2ar3_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_xrm334__24_v_dc__8xfo___6gk5334-2ts01-2ar3_",
            "product": {
              "name": "scalance_xrm334__24_v_dc__8xfo___6gk5334-2ts01-2ar3_",
              "product_id": "CSAFPID-1613596",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_xrm334__24_v_dc__8xfo___6gk5334-2ts01-2ar3_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_xrm334__2x230_v_ac__12xfo___6gk5334-3ts01-4ar3_",
            "product": {
              "name": "scalance_xrm334__2x230_v_ac__12xfo___6gk5334-3ts01-4ar3_",
              "product_id": "CSAFPID-1613597",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_xrm334__2x230_v_ac__12xfo___6gk5334-3ts01-4ar3_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_xrm334__2x230_v_ac__8xfo___6gk5334-2ts01-4ar3_",
            "product": {
              "name": "scalance_xrm334__2x230_v_ac__8xfo___6gk5334-2ts01-4ar3_",
              "product_id": "CSAFPID-1613598",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_xrm334__2x230_v_ac__8xfo___6gk5334-2ts01-4ar3_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "security_configuration_tool",
            "product": {
              "name": "security_configuration_tool",
              "product_id": "CSAFPID-1625339",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:security_configuration_tool:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "security_configuration_tool__sct_",
            "product": {
              "name": "security_configuration_tool__sct_",
              "product_id": "CSAFPID-1637910",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:security_configuration_tool__sct_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "security_configuration_tool__sct_",
            "product": {
              "name": "security_configuration_tool__sct_",
              "product_id": "CSAFPID-1470061",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:security_configuration_tool__sct_:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_automation_tool",
            "product": {
              "name": "simatic_automation_tool",
              "product_id": "CSAFPID-1472069",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_automation_tool:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_automation_tool",
            "product": {
              "name": "simatic_automation_tool",
              "product_id": "CSAFPID-1637559",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_automation_tool:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_automation_tool",
            "product": {
              "name": "simatic_automation_tool",
              "product_id": "CSAFPID-1470062",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_automation_tool:all_versions:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_batch_v9.1",
            "product": {
              "name": "simatic_batch_v9.1",
              "product_id": "CSAFPID-1625340",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_batch_v9.1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_batch_v9.1",
            "product": {
              "name": "simatic_batch_v9.1",
              "product_id": "CSAFPID-1470063",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_batch_v9.1:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_cp_1543-1_v4.0",
            "product": {
              "name": "simatic_cp_1543-1_v4.0",
              "product_id": "CSAFPID-1712748",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_cp_1543-1_v4.0:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_mv500_family",
            "product": {
              "name": "simatic_mv500_family",
              "product_id": "CSAFPID-1703073",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_mv500_family:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_net_pc-software",
            "product": {
              "name": "simatic_net_pc-software",
              "product_id": "CSAFPID-1625344",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_net_pc-software:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_net_pc_software",
            "product": {
              "name": "simatic_net_pc_software",
              "product_id": "CSAFPID-1470064",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_net_pc_software:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_net_pc_software_v16",
            "product": {
              "name": "simatic_net_pc_software_v16",
              "product_id": "CSAFPID-1637849",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_net_pc_software_v16:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_net_pc_software_v16",
            "product": {
              "name": "simatic_net_pc_software_v16",
              "product_id": "CSAFPID-1457906",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_net_pc_software_v16:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_net_pc_software_v17",
            "product": {
              "name": "simatic_net_pc_software_v17",
              "product_id": "CSAFPID-1637850",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_net_pc_software_v17:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_net_pc_software_v17",
            "product": {
              "name": "simatic_net_pc_software_v17",
              "product_id": "CSAFPID-1457907",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_net_pc_software_v17:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_net_pc_software_v18",
            "product": {
              "name": "simatic_net_pc_software_v18",
              "product_id": "CSAFPID-1637851",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_net_pc_software_v18:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_net_pc_software_v18",
            "product": {
              "name": "simatic_net_pc_software_v18",
              "product_id": "CSAFPID-1457908",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_net_pc_software_v18:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_net_pc_software_v19",
            "product": {
              "name": "simatic_net_pc_software_v19",
              "product_id": "CSAFPID-1637911",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_net_pc_software_v19:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_net_pc_software_v19",
            "product": {
              "name": "simatic_net_pc_software_v19",
              "product_id": "CSAFPID-1637560",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_net_pc_software_v19:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_pcs",
            "product": {
              "name": "simatic_pcs",
              "product_id": "CSAFPID-838530",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_pcs:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_pcs_7_v9.1",
            "product": {
              "name": "simatic_pcs_7_v9.1",
              "product_id": "CSAFPID-1501190",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_pcs_7_v9.1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_pcs_7_v9.1",
            "product": {
              "name": "simatic_pcs_7_v9.1",
              "product_id": "CSAFPID-1457909",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_pcs_7_v9.1:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_pdm_v9.2",
            "product": {
              "name": "simatic_pdm_v9.2",
              "product_id": "CSAFPID-1637912",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_pdm_v9.2:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_pdm_v9.2",
            "product": {
              "name": "simatic_pdm_v9.2",
              "product_id": "CSAFPID-1470065",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_pdm_v9.2:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_route_control_",
            "product": {
              "name": "simatic_route_control_",
              "product_id": "CSAFPID-1625337",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_route_control_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_route_control_v9.1",
            "product": {
              "name": "simatic_route_control_v9.1",
              "product_id": "CSAFPID-1637856",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_route_control_v9.1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_route_control_v9.1",
            "product": {
              "name": "simatic_route_control_v9.1",
              "product_id": "CSAFPID-1470066",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_route_control_v9.1:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_rtls_locating_manager",
            "product": {
              "name": "simatic_rtls_locating_manager",
              "product_id": "CSAFPID-1691398",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_rtls_locating_manager:3.0.1.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_rtls_locating_manager__6gt2780-0da00_",
            "product": {
              "name": "simatic_rtls_locating_manager__6gt2780-0da00_",
              "product_id": "CSAFPID-1703180",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da00_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_rtls_locating_manager__6gt2780-0da10_",
            "product": {
              "name": "simatic_rtls_locating_manager__6gt2780-0da10_",
              "product_id": "CSAFPID-1703181",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da10_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_rtls_locating_manager__6gt2780-0da20_",
            "product": {
              "name": "simatic_rtls_locating_manager__6gt2780-0da20_",
              "product_id": "CSAFPID-1703182",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da20_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_rtls_locating_manager__6gt2780-0da30_",
            "product": {
              "name": "simatic_rtls_locating_manager__6gt2780-0da30_",
              "product_id": "CSAFPID-1703183",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da30_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_rtls_locating_manager__6gt2780-1ea10_",
            "product": {
              "name": "simatic_rtls_locating_manager__6gt2780-1ea10_",
              "product_id": "CSAFPID-1703184",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-1ea10_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_rtls_locating_manager__6gt2780-1ea20_",
            "product": {
              "name": "simatic_rtls_locating_manager__6gt2780-1ea20_",
              "product_id": "CSAFPID-1703185",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-1ea20_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_rtls_locating_manager__6gt2780-1ea30_",
            "product": {
              "name": "simatic_rtls_locating_manager__6gt2780-1ea30_",
              "product_id": "CSAFPID-1703186",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-1ea30_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_",
            "product": {
              "name": "simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_",
              "product_id": "CSAFPID-1615260",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_",
            "product": {
              "name": "simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_",
              "product_id": "CSAFPID-1615261",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_",
            "product": {
              "name": "simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_",
              "product_id": "CSAFPID-1615262",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_",
            "product": {
              "name": "simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_",
              "product_id": "CSAFPID-1615263",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1500_tm_mfp_-_gnu_linux_subsystem",
            "product": {
              "name": "simatic_s7-1500_tm_mfp_-_gnu_linux_subsystem",
              "product_id": "CSAFPID-1703131",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_s7-1500_tm_mfp_-_gnu_linux_subsystem:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-plcsim_v16",
            "product": {
              "name": "simatic_s7-plcsim_v16",
              "product_id": "CSAFPID-1712825",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_s7-plcsim_v16:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-plcsim_v17",
            "product": {
              "name": "simatic_s7-plcsim_v17",
              "product_id": "CSAFPID-1712826",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_s7-plcsim_v17:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_step_7_safety_v16",
            "product": {
              "name": "simatic_step_7_safety_v16",
              "product_id": "CSAFPID-1703190",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_step_7_safety_v16:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_step_7_safety_v17",
            "product": {
              "name": "simatic_step_7_safety_v17",
              "product_id": "CSAFPID-1703191",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_step_7_safety_v17:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_step_7_safety_v18",
            "product": {
              "name": "simatic_step_7_safety_v18",
              "product_id": "CSAFPID-1500667",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_step_7_safety_v18:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_step_7_v16",
            "product": {
              "name": "simatic_step_7_v16",
              "product_id": "CSAFPID-1703187",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_step_7_v16:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_step_7_v17",
            "product": {
              "name": "simatic_step_7_v17",
              "product_id": "CSAFPID-1703188",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_step_7_v17:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_step_7_v18",
            "product": {
              "name": "simatic_step_7_v18",
              "product_id": "CSAFPID-1703189",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_step_7_v18:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_step_7_v5",
            "product": {
              "name": "simatic_step_7_v5",
              "product_id": "CSAFPID-1637913",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_step_7_v5:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_step_7_v5",
            "product": {
              "name": "simatic_step_7_v5",
              "product_id": "CSAFPID-1457855",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_step_7_v5:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc",
            "product": {
              "name": "simatic_wincc",
              "product_id": "CSAFPID-75563",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc",
            "product": {
              "name": "simatic_wincc",
              "product_id": "CSAFPID-1550826",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc:8.0:update_5:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_oa_v3.17",
            "product": {
              "name": "simatic_wincc_oa_v3.17",
              "product_id": "CSAFPID-1637914",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_oa_v3.17:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_oa_v3.17",
            "product": {
              "name": "simatic_wincc_oa_v3.17",
              "product_id": "CSAFPID-1457956",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_oa_v3.17:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_oa_v3.18",
            "product": {
              "name": "simatic_wincc_oa_v3.18",
              "product_id": "CSAFPID-1637915",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_oa_v3.18:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_oa_v3.18",
            "product": {
              "name": "simatic_wincc_oa_v3.18",
              "product_id": "CSAFPID-1457957",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_oa_v3.18:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_oa_v3.19",
            "product": {
              "name": "simatic_wincc_oa_v3.19",
              "product_id": "CSAFPID-1637916",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_oa_v3.19:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_oa_v3.19",
            "product": {
              "name": "simatic_wincc_oa_v3.19",
              "product_id": "CSAFPID-1457958",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_oa_v3.19:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_advanced",
            "product": {
              "name": "simatic_wincc_runtime_advanced",
              "product_id": "CSAFPID-766087",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_advanced",
            "product": {
              "name": "simatic_wincc_runtime_advanced",
              "product_id": "CSAFPID-1470067",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_professional",
            "product": {
              "name": "simatic_wincc_runtime_professional",
              "product_id": "CSAFPID-165765",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_professional_v16",
            "product": {
              "name": "simatic_wincc_runtime_professional_v16",
              "product_id": "CSAFPID-1637917",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v16:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_professional_v16",
            "product": {
              "name": "simatic_wincc_runtime_professional_v16",
              "product_id": "CSAFPID-1457960",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v16:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_professional_v17",
            "product": {
              "name": "simatic_wincc_runtime_professional_v17",
              "product_id": "CSAFPID-1637887",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v17:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_professional_v17",
            "product": {
              "name": "simatic_wincc_runtime_professional_v17",
              "product_id": "CSAFPID-1457961",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v17:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_professional_v18",
            "product": {
              "name": "simatic_wincc_runtime_professional_v18",
              "product_id": "CSAFPID-1501188",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v18:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_professional_v18",
            "product": {
              "name": "simatic_wincc_runtime_professional_v18",
              "product_id": "CSAFPID-1457962",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v18:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_professional_v19",
            "product": {
              "name": "simatic_wincc_runtime_professional_v19",
              "product_id": "CSAFPID-1501192",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v19:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_professional_v19",
            "product": {
              "name": "simatic_wincc_runtime_professional_v19",
              "product_id": "CSAFPID-1457963",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v19:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_unified_pc_runtime",
            "product": {
              "name": "simatic_wincc_unified_pc_runtime",
              "product_id": "CSAFPID-744621",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_unified_pc_runtime:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_unified_pc_runtime",
            "product": {
              "name": "simatic_wincc_unified_pc_runtime",
              "product_id": "CSAFPID-1470068",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_unified_pc_runtime:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_unified_pc_runtime_v18",
            "product": {
              "name": "simatic_wincc_unified_pc_runtime_v18",
              "product_id": "CSAFPID-1637854",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_unified_pc_runtime_v18:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_unified_pc_runtime_v18",
            "product": {
              "name": "simatic_wincc_unified_pc_runtime_v18",
              "product_id": "CSAFPID-1637561",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_unified_pc_runtime_v18:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_unified_v16",
            "product": {
              "name": "simatic_wincc_unified_v16",
              "product_id": "CSAFPID-1703192",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_unified_v16:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_unified_v17",
            "product": {
              "name": "simatic_wincc_unified_v17",
              "product_id": "CSAFPID-1703193",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_unified_v17:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_unified_v18",
            "product": {
              "name": "simatic_wincc_unified_v18",
              "product_id": "CSAFPID-1703194",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_unified_v18:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_v16",
            "product": {
              "name": "simatic_wincc_v16",
              "product_id": "CSAFPID-1702687",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_v16:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_v17",
            "product": {
              "name": "simatic_wincc_v17",
              "product_id": "CSAFPID-1702688",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_v17:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_v18",
            "product": {
              "name": "simatic_wincc_v18",
              "product_id": "CSAFPID-1703195",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_v18:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_v7.4",
            "product": {
              "name": "simatic_wincc_v7.4",
              "product_id": "CSAFPID-1501193",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_v7.4:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_v7.4",
            "product": {
              "name": "simatic_wincc_v7.4",
              "product_id": "CSAFPID-1457965",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_v7.4:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_v7.5",
            "product": {
              "name": "simatic_wincc_v7.5",
              "product_id": "CSAFPID-1501191",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_v7.5:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_v7.5",
            "product": {
              "name": "simatic_wincc_v7.5",
              "product_id": "CSAFPID-1457966",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_v7.5:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_v8.0",
            "product": {
              "name": "simatic_wincc_v8.0",
              "product_id": "CSAFPID-1501189",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_v8.0:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_v8.0",
            "product": {
              "name": "simatic_wincc_v8.0",
              "product_id": "CSAFPID-1457967",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_v8.0:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simocode_es_v16",
            "product": {
              "name": "simocode_es_v16",
              "product_id": "CSAFPID-1702694",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simocode_es_v16:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simocode_es_v17",
            "product": {
              "name": "simocode_es_v17",
              "product_id": "CSAFPID-1703196",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simocode_es_v17:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simocode_es_v18",
            "product": {
              "name": "simocode_es_v18",
              "product_id": "CSAFPID-1703197",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simocode_es_v18:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simotion_scout_tia_v5.4_sp1",
            "product": {
              "name": "simotion_scout_tia_v5.4_sp1",
              "product_id": "CSAFPID-1703198",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simotion_scout_tia_v5.4_sp1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simotion_scout_tia_v5.4_sp3",
            "product": {
              "name": "simotion_scout_tia_v5.4_sp3",
              "product_id": "CSAFPID-1703199",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simotion_scout_tia_v5.4_sp3:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simotion_scout_tia_v5.5_sp1",
            "product": {
              "name": "simotion_scout_tia_v5.5_sp1",
              "product_id": "CSAFPID-1703200",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simotion_scout_tia_v5.5_sp1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinamics_startdrive",
            "product": {
              "name": "sinamics_startdrive",
              "product_id": "CSAFPID-1625341",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinamics_startdrive:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinamics_startdrive",
            "product": {
              "name": "sinamics_startdrive",
              "product_id": "CSAFPID-1470069",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinamics_startdrive:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinamics_startdrive_v16",
            "product": {
              "name": "sinamics_startdrive_v16",
              "product_id": "CSAFPID-1703201",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinamics_startdrive_v16:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinamics_startdrive_v17",
            "product": {
              "name": "sinamics_startdrive_v17",
              "product_id": "CSAFPID-1703202",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinamics_startdrive_v17:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinamics_startdrive_v18",
            "product": {
              "name": "sinamics_startdrive_v18",
              "product_id": "CSAFPID-1703203",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinamics_startdrive_v18:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinec_ins",
            "product": {
              "name": "sinec_ins",
              "product_id": "CSAFPID-746925",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinec_network_management_system",
            "product": {
              "name": "sinec_network_management_system",
              "product_id": "CSAFPID-1691397",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinec_network_management_system:2.0:sp1:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinec_nms",
            "product": {
              "name": "sinec_nms",
              "product_id": "CSAFPID-309392",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinec_nms",
            "product": {
              "name": "sinec_nms",
              "product_id": "CSAFPID-1458012",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinec_nms:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinec_nms",
            "product": {
              "name": "sinec_nms",
              "product_id": "CSAFPID-1693062",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinec_nms:2.0:sp2:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinec_nms",
            "product": {
              "name": "sinec_nms",
              "product_id": "CSAFPID-1691473",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinec_nms:3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinema_remote_connect_client",
            "product": {
              "name": "sinema_remote_connect_client",
              "product_id": "CSAFPID-894438",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinema_remote_connect_client:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinumerik_one_virtual",
            "product": {
              "name": "sinumerik_one_virtual",
              "product_id": "CSAFPID-1625342",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinumerik_one_virtual:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinumerik_one_virtual",
            "product": {
              "name": "sinumerik_one_virtual",
              "product_id": "CSAFPID-1470070",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinumerik_one_virtual:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinumerik_plc_programming_tool",
            "product": {
              "name": "sinumerik_plc_programming_tool",
              "product_id": "CSAFPID-1625338",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinumerik_plc_programming_tool:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinumerik_plc_programming_tool",
            "product": {
              "name": "sinumerik_plc_programming_tool",
              "product_id": "CSAFPID-1470071",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinumerik_plc_programming_tool:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_",
            "product": {
              "name": "siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_",
              "product_id": "CSAFPID-1615264",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siport",
            "product": {
              "name": "siport",
              "product_id": "CSAFPID-1712847",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siport:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sirius_safety_es_v17",
            "product": {
              "name": "sirius_safety_es_v17",
              "product_id": "CSAFPID-1703204",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sirius_safety_es_v17:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sirius_safety_es_v18",
            "product": {
              "name": "sirius_safety_es_v18",
              "product_id": "CSAFPID-1703205",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sirius_safety_es_v18:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sirius_soft_starter_es_v17",
            "product": {
              "name": "sirius_soft_starter_es_v17",
              "product_id": "CSAFPID-1703206",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sirius_soft_starter_es_v17:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sirius_soft_starter_es_v18",
            "product": {
              "name": "sirius_soft_starter_es_v18",
              "product_id": "CSAFPID-1703207",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sirius_soft_starter_es_v18:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "solid_edge_se2024",
            "product": {
              "name": "solid_edge_se2024",
              "product_id": "CSAFPID-1680248",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:solid_edge_se2024:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "spectrum_power_7",
            "product": {
              "name": "spectrum_power_7",
              "product_id": "CSAFPID-524281",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:spectrum_power_7:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "st7_scadaconnect",
            "product": {
              "name": "st7_scadaconnect",
              "product_id": "CSAFPID-1691077",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:st7_scadaconnect:1.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "st7_scadaconnect__6nh7997-5da10-0aa0_",
            "product": {
              "name": "st7_scadaconnect__6nh7997-5da10-0aa0_",
              "product_id": "CSAFPID-1703173",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:st7_scadaconnect__6nh7997-5da10-0aa0_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "telecontrol_server_basic",
            "product": {
              "name": "telecontrol_server_basic",
              "product_id": "CSAFPID-1691051",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:telecontrol_server_basic:3.1.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "telecontrol_server_basic_1000_v3.1",
            "product": {
              "name": "telecontrol_server_basic_1000_v3.1",
              "product_id": "CSAFPID-1712839",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:telecontrol_server_basic_1000_v3.1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "telecontrol_server_basic_256_v3.1",
            "product": {
              "name": "telecontrol_server_basic_256_v3.1",
              "product_id": "CSAFPID-1712840",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:telecontrol_server_basic_256_v3.1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "telecontrol_server_basic_32_v3.1",
            "product": {
              "name": "telecontrol_server_basic_32_v3.1",
              "product_id": "CSAFPID-1712841",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:telecontrol_server_basic_32_v3.1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "telecontrol_server_basic_5000_v3.1",
            "product": {
              "name": "telecontrol_server_basic_5000_v3.1",
              "product_id": "CSAFPID-1712842",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:telecontrol_server_basic_5000_v3.1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "telecontrol_server_basic_64_v3.1",
            "product": {
              "name": "telecontrol_server_basic_64_v3.1",
              "product_id": "CSAFPID-1712843",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:telecontrol_server_basic_64_v3.1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "telecontrol_server_basic_8_v3.1",
            "product": {
              "name": "telecontrol_server_basic_8_v3.1",
              "product_id": "CSAFPID-1712844",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:telecontrol_server_basic_8_v3.1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "telecontrol_server_basic_serv_upgr",
            "product": {
              "name": "telecontrol_server_basic_serv_upgr",
              "product_id": "CSAFPID-1712845",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:telecontrol_server_basic_serv_upgr:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "telecontrol_server_basic_upgr_v3.1",
            "product": {
              "name": "telecontrol_server_basic_upgr_v3.1",
              "product_id": "CSAFPID-1712846",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:telecontrol_server_basic_upgr_v3.1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "telecontrol_server_basic_v3",
            "product": {
              "name": "telecontrol_server_basic_v3",
              "product_id": "CSAFPID-1637855",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:telecontrol_server_basic_v3:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "tia_portal_cloud_connector",
            "product": {
              "name": "tia_portal_cloud_connector",
              "product_id": "CSAFPID-1625345",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:tia_portal_cloud_connector:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "tia_portal_cloud_connector",
            "product": {
              "name": "tia_portal_cloud_connector",
              "product_id": "CSAFPID-1470072",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:tia_portal_cloud_connector:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "tia_portal_cloud_v16",
            "product": {
              "name": "tia_portal_cloud_v16",
              "product_id": "CSAFPID-1712827",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:tia_portal_cloud_v16:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "tia_portal_cloud_v17",
            "product": {
              "name": "tia_portal_cloud_v17",
              "product_id": "CSAFPID-1712828",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:tia_portal_cloud_v17:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "tia_portal_cloud_v18",
            "product": {
              "name": "tia_portal_cloud_v18",
              "product_id": "CSAFPID-1712829",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:tia_portal_cloud_v18:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "totally_integrated_automation_portal",
            "product": {
              "name": "totally_integrated_automation_portal",
              "product_id": "CSAFPID-74798",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal:15.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "totally_integrated_automation_portal",
            "product": {
              "name": "totally_integrated_automation_portal",
              "product_id": "CSAFPID-75533",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal:16:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "totally_integrated_automation_portal",
            "product": {
              "name": "totally_integrated_automation_portal",
              "product_id": "CSAFPID-74794",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal:17:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "totally_integrated_automation_portal",
            "product": {
              "name": "totally_integrated_automation_portal",
              "product_id": "CSAFPID-74792",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal:18:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "totally_integrated_automation_portal",
            "product": {
              "name": "totally_integrated_automation_portal",
              "product_id": "CSAFPID-1472073",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal:19:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "totally_integrated_automation_portal__tia_portal__v15.1",
            "product": {
              "name": "totally_integrated_automation_portal__tia_portal__v15.1",
              "product_id": "CSAFPID-1615531",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v15.1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "totally_integrated_automation_portal__tia_portal__v15.1",
            "product": {
              "name": "totally_integrated_automation_portal__tia_portal__v15.1",
              "product_id": "CSAFPID-1458014",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v15.1:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "totally_integrated_automation_portal__tia_portal__v16",
            "product": {
              "name": "totally_integrated_automation_portal__tia_portal__v16",
              "product_id": "CSAFPID-1615256",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v16:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "totally_integrated_automation_portal__tia_portal__v16",
            "product": {
              "name": "totally_integrated_automation_portal__tia_portal__v16",
              "product_id": "CSAFPID-1458015",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v16:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "totally_integrated_automation_portal__tia_portal__v17",
            "product": {
              "name": "totally_integrated_automation_portal__tia_portal__v17",
              "product_id": "CSAFPID-1615257",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v17:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "totally_integrated_automation_portal__tia_portal__v17",
            "product": {
              "name": "totally_integrated_automation_portal__tia_portal__v17",
              "product_id": "CSAFPID-1458016",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v17:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "totally_integrated_automation_portal__tia_portal__v18",
            "product": {
              "name": "totally_integrated_automation_portal__tia_portal__v18",
              "product_id": "CSAFPID-1615258",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v18:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "totally_integrated_automation_portal__tia_portal__v18",
            "product": {
              "name": "totally_integrated_automation_portal__tia_portal__v18",
              "product_id": "CSAFPID-1458017",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v18:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "totally_integrated_automation_portal__tia_portal__v19",
            "product": {
              "name": "totally_integrated_automation_portal__tia_portal__v19",
              "product_id": "CSAFPID-1637618",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v19:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "totally_integrated_automation_portal__tia_portal__v19",
            "product": {
              "name": "totally_integrated_automation_portal__tia_portal__v19",
              "product_id": "CSAFPID-1470073",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v19:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "wincc",
            "product": {
              "name": "wincc",
              "product_id": "CSAFPID-1625343",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "wincc_tia_portal",
            "product": {
              "name": "wincc_tia_portal",
              "product_id": "CSAFPID-465667",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:wincc_tia_portal:11.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1500",
            "product": {
              "name": "simatic_s7-1500",
              "product_id": "CSAFPID-715650",
              "product_identification_helper": {
                "cpe": "cpe:2.3:h:siemens:simatic_s7-1500:-:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7",
            "product": {
              "name": "simatic_s7",
              "product_id": "CSAFPID-1613729",
              "product_identification_helper": {
                "cpe": "cpe:2.3:h:siemens:simatic_s7:1500:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "cpu_1518f-4_pn\\/dp_mfp_firmware",
            "product": {
              "name": "cpu_1518f-4_pn\\/dp_mfp_firmware",
              "product_id": "CSAFPID-1691401",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:cpu_1518f-4_pn\\/dp_mfp_firmware:3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "cpu_1518f-4_pn__dp_mfp_firmware",
            "product": {
              "name": "cpu_1518f-4_pn__dp_mfp_firmware",
              "product_id": "CSAFPID-715649",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:cpu_1518f-4_pn__dp_mfp_firmware:3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "ruggedcom_ape1808",
            "product": {
              "name": "ruggedcom_ape1808",
              "product_id": "CSAFPID-880853",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:ruggedcom_ape1808:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "ruggedcom_ape1808_firmware",
            "product": {
              "name": "ruggedcom_ape1808_firmware",
              "product_id": "CSAFPID-542833",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:ruggedcom_ape1808_firmware:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "security_configuration_tool",
            "product": {
              "name": "security_configuration_tool",
              "product_id": "CSAFPID-540747",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:security_configuration_tool:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siemens_simatic_s7-1500_tm_mfp",
            "product": {
              "name": "siemens_simatic_s7-1500_tm_mfp",
              "product_id": "CSAFPID-1693048",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:siemens_simatic_s7-1500_tm_mfp:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siemens_simatic_s7_-1500_tm_mfp",
            "product": {
              "name": "siemens_simatic_s7_-1500_tm_mfp",
              "product_id": "CSAFPID-907212",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:siemens_simatic_s7_-1500_tm_mfp:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siemens_telecontrol_server_basic",
            "product": {
              "name": "siemens_telecontrol_server_basic",
              "product_id": "CSAFPID-907211",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:siemens_telecontrol_server_basic:3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_mv500_firmware",
            "product": {
              "name": "simatic_mv500_firmware",
              "product_id": "CSAFPID-1692274",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:simatic_mv500_firmware:3.3.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_net_pc_software",
            "product": {
              "name": "simatic_net_pc_software",
              "product_id": "CSAFPID-1472070",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:simatic_net_pc_software:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_pcs_7",
            "product": {
              "name": "simatic_pcs_7",
              "product_id": "CSAFPID-1472067",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:simatic_pcs_7:9.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1500_cpu_1518f-4_pn\\/dp_mfp_firmware",
            "product": {
              "name": "simatic_s7-1500_cpu_1518f-4_pn\\/dp_mfp_firmware",
              "product_id": "CSAFPID-1689769",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518f-4_pn\\/dp_mfp_firmware:3.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1500_cpu_1518f-4_pn__dp_mfp_firmware",
            "product": {
              "name": "simatic_s7-1500_cpu_1518f-4_pn__dp_mfp_firmware",
              "product_id": "CSAFPID-766929",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518f-4_pn__dp_mfp_firmware:3.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1500_tm_mfp_firmware",
            "product": {
              "name": "simatic_s7-1500_tm_mfp_firmware",
              "product_id": "CSAFPID-717239",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:simatic_s7-1500_tm_mfp_firmware:1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1500_tm_mfp_firmware",
            "product": {
              "name": "simatic_s7-1500_tm_mfp_firmware",
              "product_id": "CSAFPID-905869",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:simatic_s7-1500_tm_mfp_firmware:1.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_step_7",
            "product": {
              "name": "simatic_step_7",
              "product_id": "CSAFPID-879652",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:simatic_step_7:5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc",
            "product": {
              "name": "simatic_wincc",
              "product_id": "CSAFPID-1472068",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:simatic_wincc:7.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc",
            "product": {
              "name": "simatic_wincc",
              "product_id": "CSAFPID-1472066",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:simatic_wincc:7.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc",
            "product": {
              "name": "simatic_wincc",
              "product_id": "CSAFPID-1472072",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:simatic_wincc:8.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_oa",
            "product": {
              "name": "simatic_wincc_oa",
              "product_id": "CSAFPID-1472071",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:simatic_wincc_oa:3.17:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_advanced",
            "product": {
              "name": "simatic_wincc_runtime_advanced",
              "product_id": "CSAFPID-886176",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:simatic_wincc_runtime_advanced:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_professional",
            "product": {
              "name": "simatic_wincc_runtime_professional",
              "product_id": "CSAFPID-165976",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:simatic_wincc_runtime_professional:16:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_professional",
            "product": {
              "name": "simatic_wincc_runtime_professional",
              "product_id": "CSAFPID-165974",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:simatic_wincc_runtime_professional:17:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_professional",
            "product": {
              "name": "simatic_wincc_runtime_professional",
              "product_id": "CSAFPID-855582",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:simatic_wincc_runtime_professional:18:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_professional",
            "product": {
              "name": "simatic_wincc_runtime_professional",
              "product_id": "CSAFPID-855580",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:simatic_wincc_runtime_professional:19:*:*:*:*:*:*:*"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-3506",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2021-3506",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-3506.json"
        }
      ],
      "title": "CVE-2021-3506"
    },
    {
      "cve": "CVE-2023-2975",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Authentication",
          "title": "CWE-287"
        },
        {
          "category": "other",
          "text": "Improper Validation of Integrity Check Value",
          "title": "CWE-354"
        },
        {
          "category": "other",
          "text": "Use of a Broken or Risky Cryptographic Algorithm",
          "title": "CWE-327"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1703073",
          "CSAFPID-309392"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-2975",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-2975.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1703073",
            "CSAFPID-309392"
          ]
        }
      ],
      "title": "CVE-2023-2975"
    },
    {
      "cve": "CVE-2023-3341",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-3341",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-3341.json"
        }
      ],
      "title": "CVE-2023-3341"
    },
    {
      "cve": "CVE-2023-3446",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Inefficient Regular Expression Complexity",
          "title": "CWE-1333"
        },
        {
          "category": "other",
          "text": "Unchecked Input for Loop Condition",
          "title": "CWE-606"
        },
        {
          "category": "other",
          "text": "Use of a Cryptographic Primitive with a Risky Implementation",
          "title": "CWE-1240"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1615260",
          "CSAFPID-1615261",
          "CSAFPID-1615262",
          "CSAFPID-1615263",
          "CSAFPID-1615264",
          "CSAFPID-1703073",
          "CSAFPID-309392",
          "CSAFPID-1637855",
          "CSAFPID-1703131",
          "CSAFPID-1703173"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-3446",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-3446.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1615260",
            "CSAFPID-1615261",
            "CSAFPID-1615262",
            "CSAFPID-1615263",
            "CSAFPID-1615264",
            "CSAFPID-1703073",
            "CSAFPID-309392",
            "CSAFPID-1637855",
            "CSAFPID-1703131",
            "CSAFPID-1703173"
          ]
        }
      ],
      "title": "CVE-2023-3446"
    },
    {
      "cve": "CVE-2023-3817",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Excessive Iteration",
          "title": "CWE-834"
        },
        {
          "category": "other",
          "text": "Unchecked Input for Loop Condition",
          "title": "CWE-606"
        },
        {
          "category": "other",
          "text": "Use of a Cryptographic Primitive with a Risky Implementation",
          "title": "CWE-1240"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1615260",
          "CSAFPID-1615261",
          "CSAFPID-1615262",
          "CSAFPID-1615263",
          "CSAFPID-1615264",
          "CSAFPID-1613729",
          "CSAFPID-1703073",
          "CSAFPID-309392"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-3817",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-3817.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1615260",
            "CSAFPID-1615261",
            "CSAFPID-1615262",
            "CSAFPID-1615263",
            "CSAFPID-1615264",
            "CSAFPID-1613729",
            "CSAFPID-1703073",
            "CSAFPID-309392"
          ]
        }
      ],
      "title": "CVE-2023-3817"
    },
    {
      "cve": "CVE-2023-4236",
      "cwe": {
        "id": "CWE-617",
        "name": "Reachable Assertion"
      },
      "notes": [
        {
          "category": "other",
          "text": "Reachable Assertion",
          "title": "CWE-617"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-4236",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4236.json"
        }
      ],
      "title": "CVE-2023-4236"
    },
    {
      "cve": "CVE-2023-4408",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-4408",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4408.json"
        }
      ],
      "title": "CVE-2023-4408"
    },
    {
      "cve": "CVE-2023-4807",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "other",
          "text": "Expected Behavior Violation",
          "title": "CWE-440"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1615260",
          "CSAFPID-1615261",
          "CSAFPID-1615262",
          "CSAFPID-1615263",
          "CSAFPID-1615264",
          "CSAFPID-1637855",
          "CSAFPID-1703180",
          "CSAFPID-1703181",
          "CSAFPID-1703182",
          "CSAFPID-1703183",
          "CSAFPID-1703184",
          "CSAFPID-1703185",
          "CSAFPID-1703186"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-4807",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4807.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1615260",
            "CSAFPID-1615261",
            "CSAFPID-1615262",
            "CSAFPID-1615263",
            "CSAFPID-1615264",
            "CSAFPID-1637855",
            "CSAFPID-1703180",
            "CSAFPID-1703181",
            "CSAFPID-1703182",
            "CSAFPID-1703183",
            "CSAFPID-1703184",
            "CSAFPID-1703185",
            "CSAFPID-1703186"
          ]
        }
      ],
      "title": "CVE-2023-4807"
    },
    {
      "cve": "CVE-2023-5363",
      "cwe": {
        "id": "CWE-325",
        "name": "Missing Cryptographic Step"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Cryptographic Step",
          "title": "CWE-325"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "other",
          "text": "Incorrect Provision of Specified Functionality",
          "title": "CWE-684"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1703180",
          "CSAFPID-1703181",
          "CSAFPID-1703182",
          "CSAFPID-1703183",
          "CSAFPID-1703184",
          "CSAFPID-1703185",
          "CSAFPID-1703186"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-5363",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5363.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1703180",
            "CSAFPID-1703181",
            "CSAFPID-1703182",
            "CSAFPID-1703183",
            "CSAFPID-1703184",
            "CSAFPID-1703185",
            "CSAFPID-1703186"
          ]
        }
      ],
      "title": "CVE-2023-5363"
    },
    {
      "cve": "CVE-2023-5517",
      "cwe": {
        "id": "CWE-617",
        "name": "Reachable Assertion"
      },
      "notes": [
        {
          "category": "other",
          "text": "Reachable Assertion",
          "title": "CWE-617"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-5517",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5517.json"
        }
      ],
      "title": "CVE-2023-5517"
    },
    {
      "cve": "CVE-2023-5678",
      "cwe": {
        "id": "CWE-754",
        "name": "Improper Check for Unusual or Exceptional Conditions"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Check for Unusual or Exceptional Conditions",
          "title": "CWE-754"
        },
        {
          "category": "other",
          "text": "Missing Cryptographic Step",
          "title": "CWE-325"
        },
        {
          "category": "other",
          "text": "Unchecked Input for Loop Condition",
          "title": "CWE-606"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1613729",
          "CSAFPID-1615260",
          "CSAFPID-1615261",
          "CSAFPID-1615262",
          "CSAFPID-1615263",
          "CSAFPID-1615264",
          "CSAFPID-1637855",
          "CSAFPID-1703131",
          "CSAFPID-309392",
          "CSAFPID-1703173",
          "CSAFPID-1703180",
          "CSAFPID-1703181",
          "CSAFPID-1703182",
          "CSAFPID-1703183",
          "CSAFPID-1703184",
          "CSAFPID-1703185",
          "CSAFPID-1703186"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-5678",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5678.json"
        }
      ],
      "title": "CVE-2023-5678"
    },
    {
      "cve": "CVE-2023-5679",
      "cwe": {
        "id": "CWE-617",
        "name": "Reachable Assertion"
      },
      "notes": [
        {
          "category": "other",
          "text": "Reachable Assertion",
          "title": "CWE-617"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-5679",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5679.json"
        }
      ],
      "title": "CVE-2023-5679"
    },
    {
      "cve": "CVE-2023-5680",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-5680",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5680.json"
        }
      ],
      "title": "CVE-2023-5680"
    },
    {
      "cve": "CVE-2023-6129",
      "cwe": {
        "id": "CWE-328",
        "name": "Use of Weak Hash"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use of Weak Hash",
          "title": "CWE-328"
        },
        {
          "category": "other",
          "text": "Expected Behavior Violation",
          "title": "CWE-440"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        },
        {
          "category": "other",
          "text": "Use of a Broken or Risky Cryptographic Algorithm",
          "title": "CWE-327"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-6129",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6129.json"
        }
      ],
      "title": "CVE-2023-6129"
    },
    {
      "cve": "CVE-2023-6237",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Unchecked Input for Loop Condition",
          "title": "CWE-606"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-6237",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6237.json"
        }
      ],
      "title": "CVE-2023-6237"
    },
    {
      "cve": "CVE-2023-6516",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Memory Allocation with Excessive Size Value",
          "title": "CWE-789"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-6516",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6516.json"
        }
      ],
      "title": "CVE-2023-6516"
    },
    {
      "cve": "CVE-2023-7104",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1703131"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-7104",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-7104.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1703131"
          ]
        }
      ],
      "title": "CVE-2023-7104"
    },
    {
      "cve": "CVE-2023-28450",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "other",
          "text": "Missing Encryption of Sensitive Data",
          "title": "CWE-311"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1613504",
          "CSAFPID-1613505",
          "CSAFPID-1613506",
          "CSAFPID-1613507",
          "CSAFPID-1613592",
          "CSAFPID-1613593",
          "CSAFPID-1613594",
          "CSAFPID-1613595",
          "CSAFPID-1613596",
          "CSAFPID-1613597",
          "CSAFPID-1613598"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-28450",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-28450.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1613504",
            "CSAFPID-1613505",
            "CSAFPID-1613506",
            "CSAFPID-1613507",
            "CSAFPID-1613592",
            "CSAFPID-1613593",
            "CSAFPID-1613594",
            "CSAFPID-1613595",
            "CSAFPID-1613596",
            "CSAFPID-1613597",
            "CSAFPID-1613598"
          ]
        }
      ],
      "title": "CVE-2023-28450"
    },
    {
      "cve": "CVE-2023-30584",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-309392"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-30584",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-30584.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-309392"
          ]
        }
      ],
      "title": "CVE-2023-30584"
    },
    {
      "cve": "CVE-2023-32002",
      "cwe": {
        "id": "CWE-275",
        "name": "-"
      },
      "notes": [
        {
          "category": "other",
          "text": "CWE-275",
          "title": "CWE-275"
        },
        {
          "category": "other",
          "text": "Missing Encryption of Sensitive Data",
          "title": "CWE-311"
        },
        {
          "category": "other",
          "text": "Policy Privileges are not Assigned Consistently Between Control and Data Agents",
          "title": "CWE-1268"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-309392"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-32002",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-32002.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-309392"
          ]
        }
      ],
      "title": "CVE-2023-32002"
    },
    {
      "cve": "CVE-2023-32003",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-309392"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-32003",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-32003.json"
        }
      ],
      "title": "CVE-2023-32003"
    },
    {
      "cve": "CVE-2023-32004",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-309392"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-32004",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-32004.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-309392"
          ]
        }
      ],
      "title": "CVE-2023-32004"
    },
    {
      "cve": "CVE-2023-32005",
      "cwe": {
        "id": "CWE-275",
        "name": "-"
      },
      "notes": [
        {
          "category": "other",
          "text": "CWE-275",
          "title": "CWE-275"
        },
        {
          "category": "other",
          "text": "Incorrect Permission Assignment for Critical Resource",
          "title": "CWE-732"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-309392"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-32005",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-32005.json"
        }
      ],
      "title": "CVE-2023-32005"
    },
    {
      "cve": "CVE-2023-32006",
      "cwe": {
        "id": "CWE-275",
        "name": "-"
      },
      "notes": [
        {
          "category": "other",
          "text": "CWE-275",
          "title": "CWE-275"
        },
        {
          "category": "other",
          "text": "Exposure of Sensitive Information Due to Incompatible Policies",
          "title": "CWE-213"
        },
        {
          "category": "other",
          "text": "Missing Encryption of Sensitive Data",
          "title": "CWE-311"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-309392"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-32006",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-32006.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-309392"
          ]
        }
      ],
      "title": "CVE-2023-32006"
    },
    {
      "cve": "CVE-2023-32558",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-309392"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-32558",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-32558.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-309392"
          ]
        }
      ],
      "title": "CVE-2023-32558"
    },
    {
      "cve": "CVE-2023-32559",
      "cwe": {
        "id": "CWE-275",
        "name": "-"
      },
      "notes": [
        {
          "category": "other",
          "text": "CWE-275",
          "title": "CWE-275"
        },
        {
          "category": "other",
          "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
          "title": "CWE-94"
        },
        {
          "category": "other",
          "text": "Missing Encryption of Sensitive Data",
          "title": "CWE-311"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-309392"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-32559",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-32559.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-309392"
          ]
        }
      ],
      "title": "CVE-2023-32559"
    },
    {
      "cve": "CVE-2023-32736",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1712825",
          "CSAFPID-1712826",
          "CSAFPID-1703190",
          "CSAFPID-1703191",
          "CSAFPID-1500667",
          "CSAFPID-1703187",
          "CSAFPID-1703188",
          "CSAFPID-1703189",
          "CSAFPID-1703192",
          "CSAFPID-1703193",
          "CSAFPID-1703194",
          "CSAFPID-1702687",
          "CSAFPID-1702688",
          "CSAFPID-1703195",
          "CSAFPID-1702694",
          "CSAFPID-1703196",
          "CSAFPID-1703197",
          "CSAFPID-1703198",
          "CSAFPID-1703199",
          "CSAFPID-1703200",
          "CSAFPID-1703201",
          "CSAFPID-1703202",
          "CSAFPID-1703203",
          "CSAFPID-1703204",
          "CSAFPID-1703205",
          "CSAFPID-1703206",
          "CSAFPID-1703207",
          "CSAFPID-1712827",
          "CSAFPID-1712828",
          "CSAFPID-1712829"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-32736",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-32736.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1712825",
            "CSAFPID-1712826",
            "CSAFPID-1703190",
            "CSAFPID-1703191",
            "CSAFPID-1500667",
            "CSAFPID-1703187",
            "CSAFPID-1703188",
            "CSAFPID-1703189",
            "CSAFPID-1703192",
            "CSAFPID-1703193",
            "CSAFPID-1703194",
            "CSAFPID-1702687",
            "CSAFPID-1702688",
            "CSAFPID-1703195",
            "CSAFPID-1702694",
            "CSAFPID-1703196",
            "CSAFPID-1703197",
            "CSAFPID-1703198",
            "CSAFPID-1703199",
            "CSAFPID-1703200",
            "CSAFPID-1703201",
            "CSAFPID-1703202",
            "CSAFPID-1703203",
            "CSAFPID-1703204",
            "CSAFPID-1703205",
            "CSAFPID-1703206",
            "CSAFPID-1703207",
            "CSAFPID-1712827",
            "CSAFPID-1712828",
            "CSAFPID-1712829"
          ]
        }
      ],
      "title": "CVE-2023-32736"
    },
    {
      "cve": "CVE-2023-38552",
      "cwe": {
        "id": "CWE-354",
        "name": "Improper Validation of Integrity Check Value"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Validation of Integrity Check Value",
          "title": "CWE-354"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-38552",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-38552.json"
        }
      ],
      "title": "CVE-2023-38552"
    },
    {
      "cve": "CVE-2023-38709",
      "cwe": {
        "id": "CWE-113",
        "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)",
          "title": "CWE-113"
        },
        {
          "category": "other",
          "text": "Improper Validation of Specified Quantity in Input",
          "title": "CWE-1284"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-38709",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-38709.json"
        }
      ],
      "title": "CVE-2023-38709"
    },
    {
      "cve": "CVE-2023-39331",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-39331",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-39331.json"
        }
      ],
      "title": "CVE-2023-39331"
    },
    {
      "cve": "CVE-2023-39332",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-39332",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-39332.json"
        }
      ],
      "title": "CVE-2023-39332"
    },
    {
      "cve": "CVE-2023-39333",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
          "title": "CWE-94"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-39333",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-39333.json"
        }
      ],
      "title": "CVE-2023-39333"
    },
    {
      "cve": "CVE-2023-44487",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1615260",
          "CSAFPID-1615261",
          "CSAFPID-1615262",
          "CSAFPID-1615263",
          "CSAFPID-1615264",
          "CSAFPID-309392",
          "CSAFPID-1615259",
          "CSAFPID-1703173"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-44487",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44487.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1615260",
            "CSAFPID-1615261",
            "CSAFPID-1615262",
            "CSAFPID-1615263",
            "CSAFPID-1615264",
            "CSAFPID-309392",
            "CSAFPID-1615259",
            "CSAFPID-1703173"
          ]
        }
      ],
      "title": "CVE-2023-44487"
    },
    {
      "cve": "CVE-2023-45143",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-45143",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-45143.json"
        }
      ],
      "title": "CVE-2023-45143"
    },
    {
      "cve": "CVE-2023-46218",
      "cwe": {
        "id": "CWE-201",
        "name": "Insertion of Sensitive Information Into Sent Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Insertion of Sensitive Information Into Sent Data",
          "title": "CWE-201"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1615260",
          "CSAFPID-1615261",
          "CSAFPID-1615262",
          "CSAFPID-1615263",
          "CSAFPID-1615264",
          "CSAFPID-1703180",
          "CSAFPID-1703181",
          "CSAFPID-1703182",
          "CSAFPID-1703183",
          "CSAFPID-1703184",
          "CSAFPID-1703185",
          "CSAFPID-1703186"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-46218",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46218.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1615260",
            "CSAFPID-1615261",
            "CSAFPID-1615262",
            "CSAFPID-1615263",
            "CSAFPID-1615264",
            "CSAFPID-1703180",
            "CSAFPID-1703181",
            "CSAFPID-1703182",
            "CSAFPID-1703183",
            "CSAFPID-1703184",
            "CSAFPID-1703185",
            "CSAFPID-1703186"
          ]
        }
      ],
      "title": "CVE-2023-46218"
    },
    {
      "cve": "CVE-2023-46219",
      "cwe": {
        "id": "CWE-311",
        "name": "Missing Encryption of Sensitive Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Encryption of Sensitive Data",
          "title": "CWE-311"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1615260",
          "CSAFPID-1615261",
          "CSAFPID-1615262",
          "CSAFPID-1615263",
          "CSAFPID-1615264",
          "CSAFPID-1703180",
          "CSAFPID-1703181",
          "CSAFPID-1703182",
          "CSAFPID-1703183",
          "CSAFPID-1703184",
          "CSAFPID-1703185",
          "CSAFPID-1703186"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-46219",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46219.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1615260",
            "CSAFPID-1615261",
            "CSAFPID-1615262",
            "CSAFPID-1615263",
            "CSAFPID-1615264",
            "CSAFPID-1703180",
            "CSAFPID-1703181",
            "CSAFPID-1703182",
            "CSAFPID-1703183",
            "CSAFPID-1703184",
            "CSAFPID-1703185",
            "CSAFPID-1703186"
          ]
        }
      ],
      "title": "CVE-2023-46219"
    },
    {
      "cve": "CVE-2023-46280",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1458012",
          "CSAFPID-309392",
          "CSAFPID-1625338",
          "CSAFPID-1625340",
          "CSAFPID-1625341",
          "CSAFPID-75563",
          "CSAFPID-1625342",
          "CSAFPID-165765",
          "CSAFPID-1625345",
          "CSAFPID-766087",
          "CSAFPID-1637559",
          "CSAFPID-1637560",
          "CSAFPID-1637561",
          "CSAFPID-1637909",
          "CSAFPID-1637910",
          "CSAFPID-1637849",
          "CSAFPID-1637850",
          "CSAFPID-1637851",
          "CSAFPID-1637911",
          "CSAFPID-1501190",
          "CSAFPID-1637912",
          "CSAFPID-1637856",
          "CSAFPID-1637913",
          "CSAFPID-1637914",
          "CSAFPID-1637915",
          "CSAFPID-1637916",
          "CSAFPID-1637917",
          "CSAFPID-1637887",
          "CSAFPID-1501188",
          "CSAFPID-1501192",
          "CSAFPID-1637854",
          "CSAFPID-1501193",
          "CSAFPID-1501191",
          "CSAFPID-1501189",
          "CSAFPID-1615531",
          "CSAFPID-1615256",
          "CSAFPID-1615257",
          "CSAFPID-1615258",
          "CSAFPID-1637618",
          "CSAFPID-1470060",
          "CSAFPID-1470061",
          "CSAFPID-1470062",
          "CSAFPID-1470063",
          "CSAFPID-1470064",
          "CSAFPID-1457909",
          "CSAFPID-1470065",
          "CSAFPID-1470066",
          "CSAFPID-1457855",
          "CSAFPID-1457956",
          "CSAFPID-1457957",
          "CSAFPID-1457958",
          "CSAFPID-1470067",
          "CSAFPID-1457960",
          "CSAFPID-1457961",
          "CSAFPID-1457962",
          "CSAFPID-1457963",
          "CSAFPID-1470068",
          "CSAFPID-1457965",
          "CSAFPID-1457966",
          "CSAFPID-1457967",
          "CSAFPID-1470069",
          "CSAFPID-1470070",
          "CSAFPID-1470071",
          "CSAFPID-1470072",
          "CSAFPID-1458014",
          "CSAFPID-1458015",
          "CSAFPID-1458016",
          "CSAFPID-1458017",
          "CSAFPID-1470073",
          "CSAFPID-75533",
          "CSAFPID-1472069",
          "CSAFPID-1472073",
          "CSAFPID-74792",
          "CSAFPID-74794",
          "CSAFPID-1457906",
          "CSAFPID-1457907",
          "CSAFPID-1457908"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-46280",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46280.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1458012",
            "CSAFPID-309392",
            "CSAFPID-1625338",
            "CSAFPID-1625340",
            "CSAFPID-1625341",
            "CSAFPID-75563",
            "CSAFPID-1625342",
            "CSAFPID-165765",
            "CSAFPID-1625345",
            "CSAFPID-766087",
            "CSAFPID-1637559",
            "CSAFPID-1637560",
            "CSAFPID-1637561",
            "CSAFPID-1637909",
            "CSAFPID-1637910",
            "CSAFPID-1637849",
            "CSAFPID-1637850",
            "CSAFPID-1637851",
            "CSAFPID-1637911",
            "CSAFPID-1501190",
            "CSAFPID-1637912",
            "CSAFPID-1637856",
            "CSAFPID-1637913",
            "CSAFPID-1637914",
            "CSAFPID-1637915",
            "CSAFPID-1637916",
            "CSAFPID-1637917",
            "CSAFPID-1637887",
            "CSAFPID-1501188",
            "CSAFPID-1501192",
            "CSAFPID-1637854",
            "CSAFPID-1501193",
            "CSAFPID-1501191",
            "CSAFPID-1501189",
            "CSAFPID-1615531",
            "CSAFPID-1615256",
            "CSAFPID-1615257",
            "CSAFPID-1615258",
            "CSAFPID-1637618",
            "CSAFPID-1470060",
            "CSAFPID-1470061",
            "CSAFPID-1470062",
            "CSAFPID-1470063",
            "CSAFPID-1470064",
            "CSAFPID-1457909",
            "CSAFPID-1470065",
            "CSAFPID-1470066",
            "CSAFPID-1457855",
            "CSAFPID-1457956",
            "CSAFPID-1457957",
            "CSAFPID-1457958",
            "CSAFPID-1470067",
            "CSAFPID-1457960",
            "CSAFPID-1457961",
            "CSAFPID-1457962",
            "CSAFPID-1457963",
            "CSAFPID-1470068",
            "CSAFPID-1457965",
            "CSAFPID-1457966",
            "CSAFPID-1457967",
            "CSAFPID-1470069",
            "CSAFPID-1470070",
            "CSAFPID-1470071",
            "CSAFPID-1470072",
            "CSAFPID-1458014",
            "CSAFPID-1458015",
            "CSAFPID-1458016",
            "CSAFPID-1458017",
            "CSAFPID-1470073",
            "CSAFPID-75533",
            "CSAFPID-1472069",
            "CSAFPID-1472073",
            "CSAFPID-74792",
            "CSAFPID-74794",
            "CSAFPID-1457906",
            "CSAFPID-1457907",
            "CSAFPID-1457908"
          ]
        }
      ],
      "title": "CVE-2023-46280"
    },
    {
      "cve": "CVE-2023-46809",
      "cwe": {
        "id": "CWE-208",
        "name": "Observable Timing Discrepancy"
      },
      "notes": [
        {
          "category": "other",
          "text": "Observable Timing Discrepancy",
          "title": "CWE-208"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-46809",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46809.json"
        }
      ],
      "title": "CVE-2023-46809"
    },
    {
      "cve": "CVE-2023-47038",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-47038",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-47038.json"
        }
      ],
      "title": "CVE-2023-47038"
    },
    {
      "cve": "CVE-2023-47039",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-47039",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-47039.json"
        }
      ],
      "title": "CVE-2023-47039"
    },
    {
      "cve": "CVE-2023-47100",
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-47100",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-47100.json"
        }
      ],
      "title": "CVE-2023-47100"
    },
    {
      "cve": "CVE-2023-48795",
      "cwe": {
        "id": "CWE-222",
        "name": "Truncation of Security-relevant Information"
      },
      "notes": [
        {
          "category": "other",
          "text": "Truncation of Security-relevant Information",
          "title": "CWE-222"
        },
        {
          "category": "other",
          "text": "Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)",
          "title": "CWE-757"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1615259",
          "CSAFPID-1615260",
          "CSAFPID-1615261",
          "CSAFPID-1615262",
          "CSAFPID-1615263",
          "CSAFPID-1615264",
          "CSAFPID-1703131"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-48795",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1615259",
            "CSAFPID-1615260",
            "CSAFPID-1615261",
            "CSAFPID-1615262",
            "CSAFPID-1615263",
            "CSAFPID-1615264",
            "CSAFPID-1703131"
          ]
        }
      ],
      "title": "CVE-2023-48795"
    },
    {
      "cve": "CVE-2023-49441",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "other",
          "text": "Integer Overflow or Wraparound",
          "title": "CWE-190"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-49441",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-49441.json"
        }
      ],
      "title": "CVE-2023-49441"
    },
    {
      "cve": "CVE-2023-50387",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-50387",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-50387.json"
        }
      ],
      "title": "CVE-2023-50387"
    },
    {
      "cve": "CVE-2023-50868",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-50868",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-50868.json"
        }
      ],
      "title": "CVE-2023-50868"
    },
    {
      "cve": "CVE-2023-52389",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Stack-based Buffer Overflow",
          "title": "CWE-121"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-52389",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52389.json"
        }
      ],
      "title": "CVE-2023-52389"
    },
    {
      "cve": "CVE-2024-0232",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1703131"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-0232",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0232.json"
        }
      ],
      "title": "CVE-2024-0232"
    },
    {
      "cve": "CVE-2024-0727",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "NULL Pointer Dereference",
          "title": "CWE-476"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1613729",
          "CSAFPID-1703131"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-0727",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0727.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1613729",
            "CSAFPID-1703131"
          ]
        }
      ],
      "title": "CVE-2024-0727"
    },
    {
      "cve": "CVE-2024-2004",
      "cwe": {
        "id": "CWE-319",
        "name": "Cleartext Transmission of Sensitive Information"
      },
      "notes": [
        {
          "category": "other",
          "text": "Cleartext Transmission of Sensitive Information",
          "title": "CWE-319"
        },
        {
          "category": "other",
          "text": "Misinterpretation of Input",
          "title": "CWE-115"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "other",
          "text": "Interpretation Conflict",
          "title": "CWE-436"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1615260",
          "CSAFPID-1615261",
          "CSAFPID-1615262",
          "CSAFPID-1615263",
          "CSAFPID-1615264",
          "CSAFPID-894438"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-2004",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2004.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1615260",
            "CSAFPID-1615261",
            "CSAFPID-1615262",
            "CSAFPID-1615263",
            "CSAFPID-1615264",
            "CSAFPID-894438"
          ]
        }
      ],
      "title": "CVE-2024-2004"
    },
    {
      "cve": "CVE-2024-2379",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Certificate Validation",
          "title": "CWE-295"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1615260",
          "CSAFPID-1615261",
          "CSAFPID-1615262",
          "CSAFPID-1615263",
          "CSAFPID-1615264",
          "CSAFPID-894438"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-2379",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2379.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1615260",
            "CSAFPID-1615261",
            "CSAFPID-1615262",
            "CSAFPID-1615263",
            "CSAFPID-1615264",
            "CSAFPID-894438"
          ]
        }
      ],
      "title": "CVE-2024-2379"
    },
    {
      "cve": "CVE-2024-2398",
      "cwe": {
        "id": "CWE-772",
        "name": "Missing Release of Resource after Effective Lifetime"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Release of Resource after Effective Lifetime",
          "title": "CWE-772"
        },
        {
          "category": "other",
          "text": "Missing Release of Memory after Effective Lifetime",
          "title": "CWE-401"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1615260",
          "CSAFPID-1615261",
          "CSAFPID-1615262",
          "CSAFPID-1615263",
          "CSAFPID-1615264",
          "CSAFPID-894438"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-2398",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2398.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1615260",
            "CSAFPID-1615261",
            "CSAFPID-1615262",
            "CSAFPID-1615263",
            "CSAFPID-1615264",
            "CSAFPID-894438"
          ]
        }
      ],
      "title": "CVE-2024-2398"
    },
    {
      "cve": "CVE-2024-2466",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Certificate Validation",
          "title": "CWE-295"
        },
        {
          "category": "other",
          "text": "Improper Validation of Certificate with Host Mismatch",
          "title": "CWE-297"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1615260",
          "CSAFPID-1615261",
          "CSAFPID-1615262",
          "CSAFPID-1615263",
          "CSAFPID-1615264",
          "CSAFPID-894438"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-2466",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2466.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1615260",
            "CSAFPID-1615261",
            "CSAFPID-1615262",
            "CSAFPID-1615263",
            "CSAFPID-1615264",
            "CSAFPID-894438"
          ]
        }
      ],
      "title": "CVE-2024-2466"
    },
    {
      "cve": "CVE-2024-2511",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Improperly Controlled Sequential Memory Allocation",
          "title": "CWE-1325"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1615260",
          "CSAFPID-1615261",
          "CSAFPID-1615262",
          "CSAFPID-1615263",
          "CSAFPID-1615264",
          "CSAFPID-1703131"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-2511",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2511.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1615260",
            "CSAFPID-1615261",
            "CSAFPID-1615262",
            "CSAFPID-1615263",
            "CSAFPID-1615264",
            "CSAFPID-1703131"
          ]
        }
      ],
      "title": "CVE-2024-2511"
    },
    {
      "cve": "CVE-2024-4603",
      "cwe": {
        "id": "CWE-606",
        "name": "Unchecked Input for Loop Condition"
      },
      "notes": [
        {
          "category": "other",
          "text": "Unchecked Input for Loop Condition",
          "title": "CWE-606"
        },
        {
          "category": "other",
          "text": "Excessive Iteration",
          "title": "CWE-834"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-4603",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4603.json"
        }
      ],
      "title": "CVE-2024-4603"
    },
    {
      "cve": "CVE-2024-4741",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-4741",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4741.json"
        }
      ],
      "title": "CVE-2024-4741"
    },
    {
      "cve": "CVE-2024-5535",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1615260",
          "CSAFPID-1615261",
          "CSAFPID-1615262",
          "CSAFPID-1615263",
          "CSAFPID-1615264",
          "CSAFPID-1703131"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-5535",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5535.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1615260",
            "CSAFPID-1615261",
            "CSAFPID-1615262",
            "CSAFPID-1615263",
            "CSAFPID-1615264",
            "CSAFPID-1703131"
          ]
        }
      ],
      "title": "CVE-2024-5535"
    },
    {
      "cve": "CVE-2024-5594",
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-5594",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5594.json"
        }
      ],
      "title": "CVE-2024-5594"
    },
    {
      "cve": "CVE-2024-21890",
      "cwe": {
        "id": "CWE-275",
        "name": "-"
      },
      "notes": [
        {
          "category": "other",
          "text": "CWE-275",
          "title": "CWE-275"
        },
        {
          "category": "other",
          "text": "Insufficient Technical Documentation",
          "title": "CWE-1059"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21890",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21890.json"
        }
      ],
      "title": "CVE-2024-21890"
    },
    {
      "cve": "CVE-2024-21891",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21891",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21891.json"
        }
      ],
      "title": "CVE-2024-21891"
    },
    {
      "cve": "CVE-2024-21892",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
          "title": "CWE-94"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21892",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21892.json"
        }
      ],
      "title": "CVE-2024-21892"
    },
    {
      "cve": "CVE-2024-21896",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21896",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21896.json"
        }
      ],
      "title": "CVE-2024-21896"
    },
    {
      "cve": "CVE-2024-22017",
      "cwe": {
        "id": "CWE-271",
        "name": "Privilege Dropping / Lowering Errors"
      },
      "notes": [
        {
          "category": "other",
          "text": "Privilege Dropping / Lowering Errors",
          "title": "CWE-271"
        },
        {
          "category": "other",
          "text": "Improper Privilege Management",
          "title": "CWE-269"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-22017",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22017.json"
        }
      ],
      "title": "CVE-2024-22017"
    },
    {
      "cve": "CVE-2024-22019",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-22019",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22019.json"
        }
      ],
      "title": "CVE-2024-22019"
    },
    {
      "cve": "CVE-2024-22025",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-22025",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22025.json"
        }
      ],
      "title": "CVE-2024-22025"
    },
    {
      "cve": "CVE-2024-24758",
      "cwe": {
        "id": "CWE-942",
        "name": "Permissive Cross-domain Policy with Untrusted Domains"
      },
      "notes": [
        {
          "category": "other",
          "text": "Permissive Cross-domain Policy with Untrusted Domains",
          "title": "CWE-942"
        },
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-24758",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24758.json"
        }
      ],
      "title": "CVE-2024-24758"
    },
    {
      "cve": "CVE-2024-24795",
      "cwe": {
        "id": "CWE-113",
        "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)",
          "title": "CWE-113"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-24795",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24795.json"
        }
      ],
      "title": "CVE-2024-24795"
    },
    {
      "cve": "CVE-2024-24806",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Server-Side Request Forgery (SSRF)",
          "title": "CWE-918"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-24806",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24806.json"
        }
      ],
      "title": "CVE-2024-24806"
    },
    {
      "cve": "CVE-2024-26306",
      "cwe": {
        "id": "CWE-310",
        "name": "-"
      },
      "notes": [
        {
          "category": "other",
          "text": "CWE-310",
          "title": "CWE-310"
        },
        {
          "category": "other",
          "text": "Observable Discrepancy",
          "title": "CWE-203"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-26306",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26306.json"
        }
      ],
      "title": "CVE-2024-26306"
    },
    {
      "cve": "CVE-2024-26925",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "other",
          "text": "Improper Locking",
          "title": "CWE-667"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-26925",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26925.json"
        }
      ],
      "title": "CVE-2024-26925"
    },
    {
      "cve": "CVE-2024-27316",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-27316",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27316.json"
        }
      ],
      "title": "CVE-2024-27316"
    },
    {
      "cve": "CVE-2024-27980",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
          "title": "CWE-78"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-27980",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27980.json"
        }
      ],
      "title": "CVE-2024-27980"
    },
    {
      "cve": "CVE-2024-27982",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
          "title": "CWE-444"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-27982",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27982.json"
        }
      ],
      "title": "CVE-2024-27982"
    },
    {
      "cve": "CVE-2024-27983",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-27983",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27983.json"
        }
      ],
      "title": "CVE-2024-27983"
    },
    {
      "cve": "CVE-2024-28882",
      "cwe": {
        "id": "CWE-772",
        "name": "Missing Release of Resource after Effective Lifetime"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Release of Resource after Effective Lifetime",
          "title": "CWE-772"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-28882",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28882.json"
        }
      ],
      "title": "CVE-2024-28882"
    },
    {
      "cve": "CVE-2024-29119",
      "cwe": {
        "id": "CWE-266",
        "name": "Incorrect Privilege Assignment"
      },
      "notes": [
        {
          "category": "other",
          "text": "Incorrect Privilege Assignment",
          "title": "CWE-266"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-524281"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-29119",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29119.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-524281"
          ]
        }
      ],
      "title": "CVE-2024-29119"
    },
    {
      "cve": "CVE-2024-36140",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1712832",
          "CSAFPID-1712833"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-36140",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36140.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1712832",
            "CSAFPID-1712833"
          ]
        }
      ],
      "title": "CVE-2024-36140"
    },
    {
      "cve": "CVE-2024-44102",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1712834",
          "CSAFPID-1712835",
          "CSAFPID-1712836",
          "CSAFPID-1712837",
          "CSAFPID-1712838",
          "CSAFPID-1712839",
          "CSAFPID-1712840",
          "CSAFPID-1712841",
          "CSAFPID-1712842",
          "CSAFPID-1712843",
          "CSAFPID-1712844",
          "CSAFPID-1712845",
          "CSAFPID-1712846"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-44102",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44102.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1712834",
            "CSAFPID-1712835",
            "CSAFPID-1712836",
            "CSAFPID-1712837",
            "CSAFPID-1712838",
            "CSAFPID-1712839",
            "CSAFPID-1712840",
            "CSAFPID-1712841",
            "CSAFPID-1712842",
            "CSAFPID-1712843",
            "CSAFPID-1712844",
            "CSAFPID-1712845",
            "CSAFPID-1712846"
          ]
        }
      ],
      "title": "CVE-2024-44102"
    },
    {
      "cve": "CVE-2024-46888",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-746925"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-46888",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-46888.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-746925"
          ]
        }
      ],
      "title": "CVE-2024-46888"
    },
    {
      "cve": "CVE-2024-46889",
      "cwe": {
        "id": "CWE-321",
        "name": "Use of Hard-coded Cryptographic Key"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use of Hard-coded Cryptographic Key",
          "title": "CWE-321"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-746925"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-46889",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-46889.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-746925"
          ]
        }
      ],
      "title": "CVE-2024-46889"
    },
    {
      "cve": "CVE-2024-46890",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
          "title": "CWE-78"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-746925"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-46890",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-46890.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-746925"
          ]
        }
      ],
      "title": "CVE-2024-46890"
    },
    {
      "cve": "CVE-2024-46891",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-746925"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-46891",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-46891.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-746925"
          ]
        }
      ],
      "title": "CVE-2024-46891"
    },
    {
      "cve": "CVE-2024-46892",
      "cwe": {
        "id": "CWE-613",
        "name": "Insufficient Session Expiration"
      },
      "notes": [
        {
          "category": "other",
          "text": "Insufficient Session Expiration",
          "title": "CWE-613"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-746925"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-46892",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-46892.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-746925"
          ]
        }
      ],
      "title": "CVE-2024-46892"
    },
    {
      "cve": "CVE-2024-46894",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-746925"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-46894",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-46894.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-746925"
          ]
        }
      ],
      "title": "CVE-2024-46894"
    },
    {
      "cve": "CVE-2024-47783",
      "cwe": {
        "id": "CWE-732",
        "name": "Incorrect Permission Assignment for Critical Resource"
      },
      "notes": [
        {
          "category": "other",
          "text": "Incorrect Permission Assignment for Critical Resource",
          "title": "CWE-732"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1712847"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-47783",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47783.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1712847"
          ]
        }
      ],
      "title": "CVE-2024-47783"
    },
    {
      "cve": "CVE-2024-47808",
      "cwe": {
        "id": "CWE-732",
        "name": "Incorrect Permission Assignment for Critical Resource"
      },
      "notes": [
        {
          "category": "other",
          "text": "Incorrect Permission Assignment for Critical Resource",
          "title": "CWE-732"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-309392"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-47808",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47808.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-309392"
          ]
        }
      ],
      "title": "CVE-2024-47808"
    },
    {
      "cve": "CVE-2024-47940",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1680248"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-47940",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47940.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1680248"
          ]
        }
      ],
      "title": "CVE-2024-47940"
    },
    {
      "cve": "CVE-2024-47941",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1680248"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-47941",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47941.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1680248"
          ]
        }
      ],
      "title": "CVE-2024-47941"
    },
    {
      "cve": "CVE-2024-47942",
      "cwe": {
        "id": "CWE-427",
        "name": "Uncontrolled Search Path Element"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Search Path Element",
          "title": "CWE-427"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1680248"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-47942",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47942.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1680248"
          ]
        }
      ],
      "title": "CVE-2024-47942"
    },
    {
      "cve": "CVE-2024-50310",
      "cwe": {
        "id": "CWE-863",
        "name": "Incorrect Authorization"
      },
      "notes": [
        {
          "category": "other",
          "text": "Incorrect Authorization",
          "title": "CWE-863"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1712748"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-50310",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50310.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1712748"
          ]
        }
      ],
      "title": "CVE-2024-50310"
    },
    {
      "cve": "CVE-2024-50313",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1637622",
          "CSAFPID-1637623",
          "CSAFPID-1637624",
          "CSAFPID-1637625",
          "CSAFPID-1637626"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-50313",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50313.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1637622",
            "CSAFPID-1637623",
            "CSAFPID-1637624",
            "CSAFPID-1637625",
            "CSAFPID-1637626"
          ]
        }
      ],
      "title": "CVE-2024-50313"
    },
    {
      "cve": "CVE-2024-50557",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1702670",
          "CSAFPID-1702671",
          "CSAFPID-1702672",
          "CSAFPID-1712749",
          "CSAFPID-1712750",
          "CSAFPID-1702677",
          "CSAFPID-1702678",
          "CSAFPID-1702679",
          "CSAFPID-1712751",
          "CSAFPID-1712752",
          "CSAFPID-1702681",
          "CSAFPID-1712753",
          "CSAFPID-1702682",
          "CSAFPID-1702683",
          "CSAFPID-1712754",
          "CSAFPID-1712755",
          "CSAFPID-1712756",
          "CSAFPID-1712757",
          "CSAFPID-1712758",
          "CSAFPID-1712759",
          "CSAFPID-1702684",
          "CSAFPID-1702685",
          "CSAFPID-1712760",
          "CSAFPID-1712761"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-50557",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50557.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1702670",
            "CSAFPID-1702671",
            "CSAFPID-1702672",
            "CSAFPID-1712749",
            "CSAFPID-1712750",
            "CSAFPID-1702677",
            "CSAFPID-1702678",
            "CSAFPID-1702679",
            "CSAFPID-1712751",
            "CSAFPID-1712752",
            "CSAFPID-1702681",
            "CSAFPID-1712753",
            "CSAFPID-1702682",
            "CSAFPID-1702683",
            "CSAFPID-1712754",
            "CSAFPID-1712755",
            "CSAFPID-1712756",
            "CSAFPID-1712757",
            "CSAFPID-1712758",
            "CSAFPID-1712759",
            "CSAFPID-1702684",
            "CSAFPID-1702685",
            "CSAFPID-1712760",
            "CSAFPID-1712761"
          ]
        }
      ],
      "title": "CVE-2024-50557"
    },
    {
      "cve": "CVE-2024-50558",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1702670",
          "CSAFPID-1702671",
          "CSAFPID-1702672",
          "CSAFPID-1712749",
          "CSAFPID-1712750",
          "CSAFPID-1702677",
          "CSAFPID-1702678",
          "CSAFPID-1702679",
          "CSAFPID-1712751",
          "CSAFPID-1712752",
          "CSAFPID-1702681",
          "CSAFPID-1712753",
          "CSAFPID-1702682",
          "CSAFPID-1702683",
          "CSAFPID-1712754",
          "CSAFPID-1712755",
          "CSAFPID-1712756",
          "CSAFPID-1712757",
          "CSAFPID-1712758",
          "CSAFPID-1712759",
          "CSAFPID-1702684",
          "CSAFPID-1702685",
          "CSAFPID-1712760",
          "CSAFPID-1712761"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-50558",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50558.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1702670",
            "CSAFPID-1702671",
            "CSAFPID-1702672",
            "CSAFPID-1712749",
            "CSAFPID-1712750",
            "CSAFPID-1702677",
            "CSAFPID-1702678",
            "CSAFPID-1702679",
            "CSAFPID-1712751",
            "CSAFPID-1712752",
            "CSAFPID-1702681",
            "CSAFPID-1712753",
            "CSAFPID-1702682",
            "CSAFPID-1702683",
            "CSAFPID-1712754",
            "CSAFPID-1712755",
            "CSAFPID-1712756",
            "CSAFPID-1712757",
            "CSAFPID-1712758",
            "CSAFPID-1712759",
            "CSAFPID-1702684",
            "CSAFPID-1702685",
            "CSAFPID-1712760",
            "CSAFPID-1712761"
          ]
        }
      ],
      "title": "CVE-2024-50558"
    },
    {
      "cve": "CVE-2024-50559",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1702670",
          "CSAFPID-1702671",
          "CSAFPID-1702672",
          "CSAFPID-1712749",
          "CSAFPID-1712750",
          "CSAFPID-1702677",
          "CSAFPID-1702678",
          "CSAFPID-1702679",
          "CSAFPID-1712751",
          "CSAFPID-1712752",
          "CSAFPID-1702681",
          "CSAFPID-1712753",
          "CSAFPID-1702682",
          "CSAFPID-1702683",
          "CSAFPID-1712754",
          "CSAFPID-1712755",
          "CSAFPID-1712756",
          "CSAFPID-1712757",
          "CSAFPID-1712758",
          "CSAFPID-1712759",
          "CSAFPID-1702684",
          "CSAFPID-1702685",
          "CSAFPID-1712760",
          "CSAFPID-1712761"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-50559",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50559.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1702670",
            "CSAFPID-1702671",
            "CSAFPID-1702672",
            "CSAFPID-1712749",
            "CSAFPID-1712750",
            "CSAFPID-1702677",
            "CSAFPID-1702678",
            "CSAFPID-1702679",
            "CSAFPID-1712751",
            "CSAFPID-1712752",
            "CSAFPID-1702681",
            "CSAFPID-1712753",
            "CSAFPID-1702682",
            "CSAFPID-1702683",
            "CSAFPID-1712754",
            "CSAFPID-1712755",
            "CSAFPID-1712756",
            "CSAFPID-1712757",
            "CSAFPID-1712758",
            "CSAFPID-1712759",
            "CSAFPID-1702684",
            "CSAFPID-1702685",
            "CSAFPID-1712760",
            "CSAFPID-1712761"
          ]
        }
      ],
      "title": "CVE-2024-50559"
    },
    {
      "cve": "CVE-2024-50560",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1702670",
          "CSAFPID-1702671",
          "CSAFPID-1702672",
          "CSAFPID-1712749",
          "CSAFPID-1712750",
          "CSAFPID-1702677",
          "CSAFPID-1702678",
          "CSAFPID-1702679",
          "CSAFPID-1712751",
          "CSAFPID-1712752",
          "CSAFPID-1702681",
          "CSAFPID-1712753",
          "CSAFPID-1702682",
          "CSAFPID-1702683",
          "CSAFPID-1712754",
          "CSAFPID-1712755",
          "CSAFPID-1712756",
          "CSAFPID-1712757",
          "CSAFPID-1712758",
          "CSAFPID-1712759",
          "CSAFPID-1702684",
          "CSAFPID-1702685",
          "CSAFPID-1712760",
          "CSAFPID-1712761"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-50560",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50560.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1702670",
            "CSAFPID-1702671",
            "CSAFPID-1702672",
            "CSAFPID-1712749",
            "CSAFPID-1712750",
            "CSAFPID-1702677",
            "CSAFPID-1702678",
            "CSAFPID-1702679",
            "CSAFPID-1712751",
            "CSAFPID-1712752",
            "CSAFPID-1702681",
            "CSAFPID-1712753",
            "CSAFPID-1702682",
            "CSAFPID-1702683",
            "CSAFPID-1712754",
            "CSAFPID-1712755",
            "CSAFPID-1712756",
            "CSAFPID-1712757",
            "CSAFPID-1712758",
            "CSAFPID-1712759",
            "CSAFPID-1702684",
            "CSAFPID-1702685",
            "CSAFPID-1712760",
            "CSAFPID-1712761"
          ]
        }
      ],
      "title": "CVE-2024-50560"
    },
    {
      "cve": "CVE-2024-50561",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1702670",
          "CSAFPID-1702671",
          "CSAFPID-1702672",
          "CSAFPID-1712749",
          "CSAFPID-1712750",
          "CSAFPID-1702677",
          "CSAFPID-1702678",
          "CSAFPID-1702679",
          "CSAFPID-1712751",
          "CSAFPID-1712752",
          "CSAFPID-1702681",
          "CSAFPID-1712753",
          "CSAFPID-1702682",
          "CSAFPID-1702683",
          "CSAFPID-1712754",
          "CSAFPID-1712755",
          "CSAFPID-1712756",
          "CSAFPID-1712757",
          "CSAFPID-1712758",
          "CSAFPID-1712759",
          "CSAFPID-1702684",
          "CSAFPID-1702685",
          "CSAFPID-1712760",
          "CSAFPID-1712761"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-50561",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50561.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1702670",
            "CSAFPID-1702671",
            "CSAFPID-1702672",
            "CSAFPID-1712749",
            "CSAFPID-1712750",
            "CSAFPID-1702677",
            "CSAFPID-1702678",
            "CSAFPID-1702679",
            "CSAFPID-1712751",
            "CSAFPID-1712752",
            "CSAFPID-1702681",
            "CSAFPID-1712753",
            "CSAFPID-1702682",
            "CSAFPID-1702683",
            "CSAFPID-1712754",
            "CSAFPID-1712755",
            "CSAFPID-1712756",
            "CSAFPID-1712757",
            "CSAFPID-1712758",
            "CSAFPID-1712759",
            "CSAFPID-1702684",
            "CSAFPID-1702685",
            "CSAFPID-1712760",
            "CSAFPID-1712761"
          ]
        }
      ],
      "title": "CVE-2024-50561"
    },
    {
      "cve": "CVE-2024-50572",
      "cwe": {
        "id": "CWE-74",
        "name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
          "title": "CWE-74"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1702670",
          "CSAFPID-1702671",
          "CSAFPID-1702672",
          "CSAFPID-1712749",
          "CSAFPID-1712750",
          "CSAFPID-1702677",
          "CSAFPID-1702678",
          "CSAFPID-1702679",
          "CSAFPID-1712751",
          "CSAFPID-1712752",
          "CSAFPID-1702681",
          "CSAFPID-1712753",
          "CSAFPID-1702682",
          "CSAFPID-1702683",
          "CSAFPID-1712754",
          "CSAFPID-1712755",
          "CSAFPID-1712756",
          "CSAFPID-1712757",
          "CSAFPID-1712758",
          "CSAFPID-1712759",
          "CSAFPID-1702684",
          "CSAFPID-1702685",
          "CSAFPID-1712760",
          "CSAFPID-1712761"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-50572",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50572.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1702670",
            "CSAFPID-1702671",
            "CSAFPID-1702672",
            "CSAFPID-1712749",
            "CSAFPID-1712750",
            "CSAFPID-1702677",
            "CSAFPID-1702678",
            "CSAFPID-1702679",
            "CSAFPID-1712751",
            "CSAFPID-1712752",
            "CSAFPID-1702681",
            "CSAFPID-1712753",
            "CSAFPID-1702682",
            "CSAFPID-1702683",
            "CSAFPID-1712754",
            "CSAFPID-1712755",
            "CSAFPID-1712756",
            "CSAFPID-1712757",
            "CSAFPID-1712758",
            "CSAFPID-1712759",
            "CSAFPID-1702684",
            "CSAFPID-1702685",
            "CSAFPID-1712760",
            "CSAFPID-1712761"
          ]
        }
      ],
      "title": "CVE-2024-50572"
    }
  ]
}

OPENSUSE-SU-2024:13851-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

corepack20-20.12.1-1.1 on GA media

Severity

Moderate

Notes

Title of the patch: corepack20-20.12.1-1.1 on GA media

Description of the patch: These are all security issues fixed in the corepack20-20.12.1-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2024-13851

CVE-2024-27982

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:corepack20-20.12.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack20-20.12.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack20-20.12.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack20-20.12.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.12.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.12.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.12.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.12.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.12.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.12.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.12.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.12.1-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2024-27983

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:corepack20-20.12.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack20-20.12.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack20-20.12.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack20-20.12.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.12.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.12.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.12.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.12.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.12.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.12.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.12.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.12.1-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2024-30260

3.1 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:corepack20-20.12.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack20-20.12.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack20-20.12.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack20-20.12.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.12.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.12.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.12.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.12.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.12.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.12.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.12.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.12.1-1.1.x86_64	—	Vendor Fix

Threats

Impact low

References

11 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2024-27982/	self
https://www.suse.com/security/cve/CVE-2024-27983/	self
https://www.suse.com/security/cve/CVE-2024-30260/	self
https://www.suse.com/security/cve/CVE-2024-27982	external
https://bugzilla.suse.com/1222384	external
https://www.suse.com/security/cve/CVE-2024-27983	external
https://bugzilla.suse.com/1222244	external
https://www.suse.com/security/cve/CVE-2024-30260	external
https://bugzilla.suse.com/1222530	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "corepack20-20.12.1-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the corepack20-20.12.1-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-13851",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13851-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-27982 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-27982/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-27983 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-27983/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-30260 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-30260/"
      }
    ],
    "title": "corepack20-20.12.1-1.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:13851-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "corepack20-20.12.1-1.1.aarch64",
                "product": {
                  "name": "corepack20-20.12.1-1.1.aarch64",
                  "product_id": "corepack20-20.12.1-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs20-20.12.1-1.1.aarch64",
                "product": {
                  "name": "nodejs20-20.12.1-1.1.aarch64",
                  "product_id": "nodejs20-20.12.1-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs20-devel-20.12.1-1.1.aarch64",
                "product": {
                  "name": "nodejs20-devel-20.12.1-1.1.aarch64",
                  "product_id": "nodejs20-devel-20.12.1-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs20-docs-20.12.1-1.1.aarch64",
                "product": {
                  "name": "nodejs20-docs-20.12.1-1.1.aarch64",
                  "product_id": "nodejs20-docs-20.12.1-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "npm20-20.12.1-1.1.aarch64",
                "product": {
                  "name": "npm20-20.12.1-1.1.aarch64",
                  "product_id": "npm20-20.12.1-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "corepack20-20.12.1-1.1.ppc64le",
                "product": {
                  "name": "corepack20-20.12.1-1.1.ppc64le",
                  "product_id": "corepack20-20.12.1-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs20-20.12.1-1.1.ppc64le",
                "product": {
                  "name": "nodejs20-20.12.1-1.1.ppc64le",
                  "product_id": "nodejs20-20.12.1-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs20-devel-20.12.1-1.1.ppc64le",
                "product": {
                  "name": "nodejs20-devel-20.12.1-1.1.ppc64le",
                  "product_id": "nodejs20-devel-20.12.1-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs20-docs-20.12.1-1.1.ppc64le",
                "product": {
                  "name": "nodejs20-docs-20.12.1-1.1.ppc64le",
                  "product_id": "nodejs20-docs-20.12.1-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "npm20-20.12.1-1.1.ppc64le",
                "product": {
                  "name": "npm20-20.12.1-1.1.ppc64le",
                  "product_id": "npm20-20.12.1-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "corepack20-20.12.1-1.1.s390x",
                "product": {
                  "name": "corepack20-20.12.1-1.1.s390x",
                  "product_id": "corepack20-20.12.1-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs20-20.12.1-1.1.s390x",
                "product": {
                  "name": "nodejs20-20.12.1-1.1.s390x",
                  "product_id": "nodejs20-20.12.1-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs20-devel-20.12.1-1.1.s390x",
                "product": {
                  "name": "nodejs20-devel-20.12.1-1.1.s390x",
                  "product_id": "nodejs20-devel-20.12.1-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs20-docs-20.12.1-1.1.s390x",
                "product": {
                  "name": "nodejs20-docs-20.12.1-1.1.s390x",
                  "product_id": "nodejs20-docs-20.12.1-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "npm20-20.12.1-1.1.s390x",
                "product": {
                  "name": "npm20-20.12.1-1.1.s390x",
                  "product_id": "npm20-20.12.1-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "corepack20-20.12.1-1.1.x86_64",
                "product": {
                  "name": "corepack20-20.12.1-1.1.x86_64",
                  "product_id": "corepack20-20.12.1-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs20-20.12.1-1.1.x86_64",
                "product": {
                  "name": "nodejs20-20.12.1-1.1.x86_64",
                  "product_id": "nodejs20-20.12.1-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs20-devel-20.12.1-1.1.x86_64",
                "product": {
                  "name": "nodejs20-devel-20.12.1-1.1.x86_64",
                  "product_id": "nodejs20-devel-20.12.1-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs20-docs-20.12.1-1.1.x86_64",
                "product": {
                  "name": "nodejs20-docs-20.12.1-1.1.x86_64",
                  "product_id": "nodejs20-docs-20.12.1-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "npm20-20.12.1-1.1.x86_64",
                "product": {
                  "name": "npm20-20.12.1-1.1.x86_64",
                  "product_id": "npm20-20.12.1-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "corepack20-20.12.1-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:corepack20-20.12.1-1.1.aarch64"
        },
        "product_reference": "corepack20-20.12.1-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "corepack20-20.12.1-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:corepack20-20.12.1-1.1.ppc64le"
        },
        "product_reference": "corepack20-20.12.1-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "corepack20-20.12.1-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:corepack20-20.12.1-1.1.s390x"
        },
        "product_reference": "corepack20-20.12.1-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "corepack20-20.12.1-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:corepack20-20.12.1-1.1.x86_64"
        },
        "product_reference": "corepack20-20.12.1-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs20-20.12.1-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.aarch64"
        },
        "product_reference": "nodejs20-20.12.1-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs20-20.12.1-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.ppc64le"
        },
        "product_reference": "nodejs20-20.12.1-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs20-20.12.1-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.s390x"
        },
        "product_reference": "nodejs20-20.12.1-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs20-20.12.1-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.x86_64"
        },
        "product_reference": "nodejs20-20.12.1-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs20-devel-20.12.1-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.aarch64"
        },
        "product_reference": "nodejs20-devel-20.12.1-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs20-devel-20.12.1-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.ppc64le"
        },
        "product_reference": "nodejs20-devel-20.12.1-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs20-devel-20.12.1-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.s390x"
        },
        "product_reference": "nodejs20-devel-20.12.1-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs20-devel-20.12.1-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.x86_64"
        },
        "product_reference": "nodejs20-devel-20.12.1-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs20-docs-20.12.1-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.aarch64"
        },
        "product_reference": "nodejs20-docs-20.12.1-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs20-docs-20.12.1-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.ppc64le"
        },
        "product_reference": "nodejs20-docs-20.12.1-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs20-docs-20.12.1-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.s390x"
        },
        "product_reference": "nodejs20-docs-20.12.1-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs20-docs-20.12.1-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.x86_64"
        },
        "product_reference": "nodejs20-docs-20.12.1-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm20-20.12.1-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:npm20-20.12.1-1.1.aarch64"
        },
        "product_reference": "npm20-20.12.1-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm20-20.12.1-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:npm20-20.12.1-1.1.ppc64le"
        },
        "product_reference": "npm20-20.12.1-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm20-20.12.1-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:npm20-20.12.1-1.1.s390x"
        },
        "product_reference": "npm20-20.12.1-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm20-20.12.1-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:npm20-20.12.1-1.1.x86_64"
        },
        "product_reference": "npm20-20.12.1-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-27982",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-27982"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:corepack20-20.12.1-1.1.aarch64",
          "openSUSE Tumbleweed:corepack20-20.12.1-1.1.ppc64le",
          "openSUSE Tumbleweed:corepack20-20.12.1-1.1.s390x",
          "openSUSE Tumbleweed:corepack20-20.12.1-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.s390x",
          "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.s390x",
          "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.s390x",
          "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.x86_64",
          "openSUSE Tumbleweed:npm20-20.12.1-1.1.aarch64",
          "openSUSE Tumbleweed:npm20-20.12.1-1.1.ppc64le",
          "openSUSE Tumbleweed:npm20-20.12.1-1.1.s390x",
          "openSUSE Tumbleweed:npm20-20.12.1-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-27982",
          "url": "https://www.suse.com/security/cve/CVE-2024-27982"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222384 for CVE-2024-27982",
          "url": "https://bugzilla.suse.com/1222384"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:corepack20-20.12.1-1.1.aarch64",
            "openSUSE Tumbleweed:corepack20-20.12.1-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack20-20.12.1-1.1.s390x",
            "openSUSE Tumbleweed:corepack20-20.12.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.x86_64",
            "openSUSE Tumbleweed:npm20-20.12.1-1.1.aarch64",
            "openSUSE Tumbleweed:npm20-20.12.1-1.1.ppc64le",
            "openSUSE Tumbleweed:npm20-20.12.1-1.1.s390x",
            "openSUSE Tumbleweed:npm20-20.12.1-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:corepack20-20.12.1-1.1.aarch64",
            "openSUSE Tumbleweed:corepack20-20.12.1-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack20-20.12.1-1.1.s390x",
            "openSUSE Tumbleweed:corepack20-20.12.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.x86_64",
            "openSUSE Tumbleweed:npm20-20.12.1-1.1.aarch64",
            "openSUSE Tumbleweed:npm20-20.12.1-1.1.ppc64le",
            "openSUSE Tumbleweed:npm20-20.12.1-1.1.s390x",
            "openSUSE Tumbleweed:npm20-20.12.1-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-27982"
    },
    {
      "cve": "CVE-2024-27983",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-27983"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:corepack20-20.12.1-1.1.aarch64",
          "openSUSE Tumbleweed:corepack20-20.12.1-1.1.ppc64le",
          "openSUSE Tumbleweed:corepack20-20.12.1-1.1.s390x",
          "openSUSE Tumbleweed:corepack20-20.12.1-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.s390x",
          "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.s390x",
          "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.s390x",
          "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.x86_64",
          "openSUSE Tumbleweed:npm20-20.12.1-1.1.aarch64",
          "openSUSE Tumbleweed:npm20-20.12.1-1.1.ppc64le",
          "openSUSE Tumbleweed:npm20-20.12.1-1.1.s390x",
          "openSUSE Tumbleweed:npm20-20.12.1-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-27983",
          "url": "https://www.suse.com/security/cve/CVE-2024-27983"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222244 for CVE-2024-27983",
          "url": "https://bugzilla.suse.com/1222244"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:corepack20-20.12.1-1.1.aarch64",
            "openSUSE Tumbleweed:corepack20-20.12.1-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack20-20.12.1-1.1.s390x",
            "openSUSE Tumbleweed:corepack20-20.12.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.x86_64",
            "openSUSE Tumbleweed:npm20-20.12.1-1.1.aarch64",
            "openSUSE Tumbleweed:npm20-20.12.1-1.1.ppc64le",
            "openSUSE Tumbleweed:npm20-20.12.1-1.1.s390x",
            "openSUSE Tumbleweed:npm20-20.12.1-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:corepack20-20.12.1-1.1.aarch64",
            "openSUSE Tumbleweed:corepack20-20.12.1-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack20-20.12.1-1.1.s390x",
            "openSUSE Tumbleweed:corepack20-20.12.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.x86_64",
            "openSUSE Tumbleweed:npm20-20.12.1-1.1.aarch64",
            "openSUSE Tumbleweed:npm20-20.12.1-1.1.ppc64le",
            "openSUSE Tumbleweed:npm20-20.12.1-1.1.s390x",
            "openSUSE Tumbleweed:npm20-20.12.1-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-27983"
    },
    {
      "cve": "CVE-2024-30260",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-30260"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:corepack20-20.12.1-1.1.aarch64",
          "openSUSE Tumbleweed:corepack20-20.12.1-1.1.ppc64le",
          "openSUSE Tumbleweed:corepack20-20.12.1-1.1.s390x",
          "openSUSE Tumbleweed:corepack20-20.12.1-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.s390x",
          "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.s390x",
          "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.s390x",
          "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.x86_64",
          "openSUSE Tumbleweed:npm20-20.12.1-1.1.aarch64",
          "openSUSE Tumbleweed:npm20-20.12.1-1.1.ppc64le",
          "openSUSE Tumbleweed:npm20-20.12.1-1.1.s390x",
          "openSUSE Tumbleweed:npm20-20.12.1-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-30260",
          "url": "https://www.suse.com/security/cve/CVE-2024-30260"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222530 for CVE-2024-30260",
          "url": "https://bugzilla.suse.com/1222530"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:corepack20-20.12.1-1.1.aarch64",
            "openSUSE Tumbleweed:corepack20-20.12.1-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack20-20.12.1-1.1.s390x",
            "openSUSE Tumbleweed:corepack20-20.12.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.x86_64",
            "openSUSE Tumbleweed:npm20-20.12.1-1.1.aarch64",
            "openSUSE Tumbleweed:npm20-20.12.1-1.1.ppc64le",
            "openSUSE Tumbleweed:npm20-20.12.1-1.1.s390x",
            "openSUSE Tumbleweed:npm20-20.12.1-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:corepack20-20.12.1-1.1.aarch64",
            "openSUSE Tumbleweed:corepack20-20.12.1-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack20-20.12.1-1.1.s390x",
            "openSUSE Tumbleweed:corepack20-20.12.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.x86_64",
            "openSUSE Tumbleweed:npm20-20.12.1-1.1.aarch64",
            "openSUSE Tumbleweed:npm20-20.12.1-1.1.ppc64le",
            "openSUSE Tumbleweed:npm20-20.12.1-1.1.s390x",
            "openSUSE Tumbleweed:npm20-20.12.1-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2024-30260"
    }
  ]
}

OPENSUSE-SU-2024:13852-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

corepack21-21.7.2-1.1 on GA media

Severity

Moderate

Notes

Title of the patch: corepack21-21.7.2-1.1 on GA media

Description of the patch: These are all security issues fixed in the corepack21-21.7.2-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2024-13852

CVE-2024-27982

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:corepack21-21.7.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack21-21.7.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack21-21.7.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack21-21.7.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.7.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.7.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.7.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.7.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.7.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.7.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.7.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.7.2-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2024-27983

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:corepack21-21.7.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack21-21.7.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack21-21.7.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack21-21.7.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.7.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.7.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.7.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.7.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.7.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.7.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.7.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.7.2-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2024-30260

3.1 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:corepack21-21.7.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack21-21.7.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack21-21.7.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack21-21.7.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.7.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.7.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.7.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.7.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.7.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.7.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.7.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.7.2-1.1.x86_64	—	Vendor Fix

Threats

Impact low

References

11 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2024-27982/	self
https://www.suse.com/security/cve/CVE-2024-27983/	self
https://www.suse.com/security/cve/CVE-2024-30260/	self
https://www.suse.com/security/cve/CVE-2024-27982	external
https://bugzilla.suse.com/1222384	external
https://www.suse.com/security/cve/CVE-2024-27983	external
https://bugzilla.suse.com/1222244	external
https://www.suse.com/security/cve/CVE-2024-30260	external
https://bugzilla.suse.com/1222530	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "corepack21-21.7.2-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the corepack21-21.7.2-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-13852",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13852-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-27982 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-27982/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-27983 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-27983/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-30260 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-30260/"
      }
    ],
    "title": "corepack21-21.7.2-1.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:13852-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "corepack21-21.7.2-1.1.aarch64",
                "product": {
                  "name": "corepack21-21.7.2-1.1.aarch64",
                  "product_id": "corepack21-21.7.2-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs21-21.7.2-1.1.aarch64",
                "product": {
                  "name": "nodejs21-21.7.2-1.1.aarch64",
                  "product_id": "nodejs21-21.7.2-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs21-devel-21.7.2-1.1.aarch64",
                "product": {
                  "name": "nodejs21-devel-21.7.2-1.1.aarch64",
                  "product_id": "nodejs21-devel-21.7.2-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs21-docs-21.7.2-1.1.aarch64",
                "product": {
                  "name": "nodejs21-docs-21.7.2-1.1.aarch64",
                  "product_id": "nodejs21-docs-21.7.2-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "npm21-21.7.2-1.1.aarch64",
                "product": {
                  "name": "npm21-21.7.2-1.1.aarch64",
                  "product_id": "npm21-21.7.2-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "corepack21-21.7.2-1.1.ppc64le",
                "product": {
                  "name": "corepack21-21.7.2-1.1.ppc64le",
                  "product_id": "corepack21-21.7.2-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs21-21.7.2-1.1.ppc64le",
                "product": {
                  "name": "nodejs21-21.7.2-1.1.ppc64le",
                  "product_id": "nodejs21-21.7.2-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs21-devel-21.7.2-1.1.ppc64le",
                "product": {
                  "name": "nodejs21-devel-21.7.2-1.1.ppc64le",
                  "product_id": "nodejs21-devel-21.7.2-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs21-docs-21.7.2-1.1.ppc64le",
                "product": {
                  "name": "nodejs21-docs-21.7.2-1.1.ppc64le",
                  "product_id": "nodejs21-docs-21.7.2-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "npm21-21.7.2-1.1.ppc64le",
                "product": {
                  "name": "npm21-21.7.2-1.1.ppc64le",
                  "product_id": "npm21-21.7.2-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "corepack21-21.7.2-1.1.s390x",
                "product": {
                  "name": "corepack21-21.7.2-1.1.s390x",
                  "product_id": "corepack21-21.7.2-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs21-21.7.2-1.1.s390x",
                "product": {
                  "name": "nodejs21-21.7.2-1.1.s390x",
                  "product_id": "nodejs21-21.7.2-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs21-devel-21.7.2-1.1.s390x",
                "product": {
                  "name": "nodejs21-devel-21.7.2-1.1.s390x",
                  "product_id": "nodejs21-devel-21.7.2-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs21-docs-21.7.2-1.1.s390x",
                "product": {
                  "name": "nodejs21-docs-21.7.2-1.1.s390x",
                  "product_id": "nodejs21-docs-21.7.2-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "npm21-21.7.2-1.1.s390x",
                "product": {
                  "name": "npm21-21.7.2-1.1.s390x",
                  "product_id": "npm21-21.7.2-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "corepack21-21.7.2-1.1.x86_64",
                "product": {
                  "name": "corepack21-21.7.2-1.1.x86_64",
                  "product_id": "corepack21-21.7.2-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs21-21.7.2-1.1.x86_64",
                "product": {
                  "name": "nodejs21-21.7.2-1.1.x86_64",
                  "product_id": "nodejs21-21.7.2-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs21-devel-21.7.2-1.1.x86_64",
                "product": {
                  "name": "nodejs21-devel-21.7.2-1.1.x86_64",
                  "product_id": "nodejs21-devel-21.7.2-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs21-docs-21.7.2-1.1.x86_64",
                "product": {
                  "name": "nodejs21-docs-21.7.2-1.1.x86_64",
                  "product_id": "nodejs21-docs-21.7.2-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "npm21-21.7.2-1.1.x86_64",
                "product": {
                  "name": "npm21-21.7.2-1.1.x86_64",
                  "product_id": "npm21-21.7.2-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "corepack21-21.7.2-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:corepack21-21.7.2-1.1.aarch64"
        },
        "product_reference": "corepack21-21.7.2-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "corepack21-21.7.2-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:corepack21-21.7.2-1.1.ppc64le"
        },
        "product_reference": "corepack21-21.7.2-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "corepack21-21.7.2-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:corepack21-21.7.2-1.1.s390x"
        },
        "product_reference": "corepack21-21.7.2-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "corepack21-21.7.2-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:corepack21-21.7.2-1.1.x86_64"
        },
        "product_reference": "corepack21-21.7.2-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs21-21.7.2-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.aarch64"
        },
        "product_reference": "nodejs21-21.7.2-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs21-21.7.2-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.ppc64le"
        },
        "product_reference": "nodejs21-21.7.2-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs21-21.7.2-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.s390x"
        },
        "product_reference": "nodejs21-21.7.2-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs21-21.7.2-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.x86_64"
        },
        "product_reference": "nodejs21-21.7.2-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs21-devel-21.7.2-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.aarch64"
        },
        "product_reference": "nodejs21-devel-21.7.2-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs21-devel-21.7.2-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.ppc64le"
        },
        "product_reference": "nodejs21-devel-21.7.2-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs21-devel-21.7.2-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.s390x"
        },
        "product_reference": "nodejs21-devel-21.7.2-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs21-devel-21.7.2-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.x86_64"
        },
        "product_reference": "nodejs21-devel-21.7.2-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs21-docs-21.7.2-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.aarch64"
        },
        "product_reference": "nodejs21-docs-21.7.2-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs21-docs-21.7.2-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.ppc64le"
        },
        "product_reference": "nodejs21-docs-21.7.2-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs21-docs-21.7.2-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.s390x"
        },
        "product_reference": "nodejs21-docs-21.7.2-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs21-docs-21.7.2-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.x86_64"
        },
        "product_reference": "nodejs21-docs-21.7.2-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm21-21.7.2-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:npm21-21.7.2-1.1.aarch64"
        },
        "product_reference": "npm21-21.7.2-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm21-21.7.2-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:npm21-21.7.2-1.1.ppc64le"
        },
        "product_reference": "npm21-21.7.2-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm21-21.7.2-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:npm21-21.7.2-1.1.s390x"
        },
        "product_reference": "npm21-21.7.2-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm21-21.7.2-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:npm21-21.7.2-1.1.x86_64"
        },
        "product_reference": "npm21-21.7.2-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-27982",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-27982"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:corepack21-21.7.2-1.1.aarch64",
          "openSUSE Tumbleweed:corepack21-21.7.2-1.1.ppc64le",
          "openSUSE Tumbleweed:corepack21-21.7.2-1.1.s390x",
          "openSUSE Tumbleweed:corepack21-21.7.2-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.s390x",
          "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.s390x",
          "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.s390x",
          "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.x86_64",
          "openSUSE Tumbleweed:npm21-21.7.2-1.1.aarch64",
          "openSUSE Tumbleweed:npm21-21.7.2-1.1.ppc64le",
          "openSUSE Tumbleweed:npm21-21.7.2-1.1.s390x",
          "openSUSE Tumbleweed:npm21-21.7.2-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-27982",
          "url": "https://www.suse.com/security/cve/CVE-2024-27982"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222384 for CVE-2024-27982",
          "url": "https://bugzilla.suse.com/1222384"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:corepack21-21.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:corepack21-21.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack21-21.7.2-1.1.s390x",
            "openSUSE Tumbleweed:corepack21-21.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:npm21-21.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:npm21-21.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:npm21-21.7.2-1.1.s390x",
            "openSUSE Tumbleweed:npm21-21.7.2-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:corepack21-21.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:corepack21-21.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack21-21.7.2-1.1.s390x",
            "openSUSE Tumbleweed:corepack21-21.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:npm21-21.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:npm21-21.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:npm21-21.7.2-1.1.s390x",
            "openSUSE Tumbleweed:npm21-21.7.2-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-27982"
    },
    {
      "cve": "CVE-2024-27983",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-27983"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:corepack21-21.7.2-1.1.aarch64",
          "openSUSE Tumbleweed:corepack21-21.7.2-1.1.ppc64le",
          "openSUSE Tumbleweed:corepack21-21.7.2-1.1.s390x",
          "openSUSE Tumbleweed:corepack21-21.7.2-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.s390x",
          "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.s390x",
          "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.s390x",
          "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.x86_64",
          "openSUSE Tumbleweed:npm21-21.7.2-1.1.aarch64",
          "openSUSE Tumbleweed:npm21-21.7.2-1.1.ppc64le",
          "openSUSE Tumbleweed:npm21-21.7.2-1.1.s390x",
          "openSUSE Tumbleweed:npm21-21.7.2-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-27983",
          "url": "https://www.suse.com/security/cve/CVE-2024-27983"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222244 for CVE-2024-27983",
          "url": "https://bugzilla.suse.com/1222244"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:corepack21-21.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:corepack21-21.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack21-21.7.2-1.1.s390x",
            "openSUSE Tumbleweed:corepack21-21.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:npm21-21.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:npm21-21.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:npm21-21.7.2-1.1.s390x",
            "openSUSE Tumbleweed:npm21-21.7.2-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:corepack21-21.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:corepack21-21.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack21-21.7.2-1.1.s390x",
            "openSUSE Tumbleweed:corepack21-21.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:npm21-21.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:npm21-21.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:npm21-21.7.2-1.1.s390x",
            "openSUSE Tumbleweed:npm21-21.7.2-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-27983"
    },
    {
      "cve": "CVE-2024-30260",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-30260"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:corepack21-21.7.2-1.1.aarch64",
          "openSUSE Tumbleweed:corepack21-21.7.2-1.1.ppc64le",
          "openSUSE Tumbleweed:corepack21-21.7.2-1.1.s390x",
          "openSUSE Tumbleweed:corepack21-21.7.2-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.s390x",
          "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.s390x",
          "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.s390x",
          "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.x86_64",
          "openSUSE Tumbleweed:npm21-21.7.2-1.1.aarch64",
          "openSUSE Tumbleweed:npm21-21.7.2-1.1.ppc64le",
          "openSUSE Tumbleweed:npm21-21.7.2-1.1.s390x",
          "openSUSE Tumbleweed:npm21-21.7.2-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-30260",
          "url": "https://www.suse.com/security/cve/CVE-2024-30260"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222530 for CVE-2024-30260",
          "url": "https://bugzilla.suse.com/1222530"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:corepack21-21.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:corepack21-21.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack21-21.7.2-1.1.s390x",
            "openSUSE Tumbleweed:corepack21-21.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:npm21-21.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:npm21-21.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:npm21-21.7.2-1.1.s390x",
            "openSUSE Tumbleweed:npm21-21.7.2-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:corepack21-21.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:corepack21-21.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack21-21.7.2-1.1.s390x",
            "openSUSE Tumbleweed:corepack21-21.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:npm21-21.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:npm21-21.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:npm21-21.7.2-1.1.s390x",
            "openSUSE Tumbleweed:npm21-21.7.2-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2024-30260"
    }
  ]
}

RHSA-2024:2778

Vulnerability from csaf_redhat - Published: 2024-05-09 06:29 - Updated: 2026-03-18 02:38

Summary

Red Hat Security Advisory: nodejs:20 security update

Severity

Important

Notes

Topic: An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629) * nghttp2: CONTINUATION frames DoS (CVE-2024-28182) * nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service (CVE-2024-22025) * nodejs: CONTINUATION frames DoS (CVE-2024-27983) * nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2024-22025

A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-25629

A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE-127 - Buffer Under-read

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround

Threats

Impact Low

CVE-2024-27982

An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-27983

A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2024-28182

A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-390 - Detection of Error Condition Without Action

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround

Threats

Impact Moderate

References

33 references

URL	Category
https://access.redhat.com/errata/RHSA-2024:2778	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2265713	external
https://bugzilla.redhat.com/show_bug.cgi?id=2268639	external
https://bugzilla.redhat.com/show_bug.cgi?id=2270559	external
https://bugzilla.redhat.com/show_bug.cgi?id=2272764	external
https://bugzilla.redhat.com/show_bug.cgi?id=2275392	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2024-22025	self
https://bugzilla.redhat.com/show_bug.cgi?id=2270559	external
https://www.cve.org/CVERecord?id=CVE-2024-22025	external
https://nvd.nist.gov/vuln/detail/CVE-2024-22025	external
https://access.redhat.com/security/cve/CVE-2024-25629	self
https://bugzilla.redhat.com/show_bug.cgi?id=2265713	external
https://www.cve.org/CVERecord?id=CVE-2024-25629	external
https://nvd.nist.gov/vuln/detail/CVE-2024-25629	external
https://github.com/c-ares/c-ares/security/advisor…	external
https://access.redhat.com/security/cve/CVE-2024-27982	self
https://bugzilla.redhat.com/show_bug.cgi?id=2275392	external
https://www.cve.org/CVERecord?id=CVE-2024-27982	external
https://nvd.nist.gov/vuln/detail/CVE-2024-27982	external
https://nodejs.org/en/blog/vulnerability/april-20…	external
https://access.redhat.com/security/cve/CVE-2024-27983	self
https://bugzilla.redhat.com/show_bug.cgi?id=2272764	external
https://www.cve.org/CVERecord?id=CVE-2024-27983	external
https://nvd.nist.gov/vuln/detail/CVE-2024-27983	external
https://nowotarski.info/http2-continuation-flood/	external
https://www.kb.cert.org/vuls/id/421644	external
https://access.redhat.com/security/cve/CVE-2024-28182	self
https://bugzilla.redhat.com/show_bug.cgi?id=2268639	external
https://www.cve.org/CVERecord?id=CVE-2024-28182	external
https://nvd.nist.gov/vuln/detail/CVE-2024-28182	external
https://github.com/nghttp2/nghttp2/security/advis…	external

Acknowledgments

nowotarski.info Bartek Nowotarski

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.\n\nSecurity Fix(es):\n\n* c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629)\n\n* nghttp2: CONTINUATION frames DoS (CVE-2024-28182)\n\n* nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service (CVE-2024-22025)\n\n* nodejs: CONTINUATION frames DoS (CVE-2024-27983)\n\n* nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:2778",
        "url": "https://access.redhat.com/errata/RHSA-2024:2778"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2265713",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265713"
      },
      {
        "category": "external",
        "summary": "2268639",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268639"
      },
      {
        "category": "external",
        "summary": "2270559",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270559"
      },
      {
        "category": "external",
        "summary": "2272764",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272764"
      },
      {
        "category": "external",
        "summary": "2275392",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275392"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2778.json"
      }
    ],
    "title": "Red Hat Security Advisory: nodejs:20 security update",
    "tracking": {
      "current_release_date": "2026-03-18T02:38:36+00:00",
      "generator": {
        "date": "2026-03-18T02:38:36+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.3"
        }
      },
      "id": "RHSA-2024:2778",
      "initial_release_date": "2024-05-09T06:29:01+00:00",
      "revision_history": [
        {
          "date": "2024-05-09T06:29:01+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-05-09T06:29:01+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-03-18T02:38:36+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 8)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 8)",
                  "product_id": "AppStream-8.9.0.Z.MAIN",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
                "product": {
                  "name": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src (nodejs:20)",
                  "product_id": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=src\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
                "product": {
                  "name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src (nodejs:20)",
                  "product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=src\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
                "product": {
                  "name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src (nodejs:20)",
                  "product_id": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.9.0%2B19519%2Be25b965a?arch=src\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
                "product": {
                  "name": "nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch (nodejs:20)",
                  "product_id": "nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-docs@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
                "product": {
                  "name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch (nodejs:20)",
                  "product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=noarch\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
                "product": {
                  "name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch (nodejs:20)",
                  "product_id": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.9.0%2B19519%2Be25b965a?arch=noarch\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
                "product": {
                  "name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch (nodejs:20)",
                  "product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel8.9.0%2B19519%2Be25b965a?arch=noarch\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
                "product": {
                  "name": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64 (nodejs:20)",
                  "product_id": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
                "product": {
                  "name": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64 (nodejs:20)",
                  "product_id": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
                "product": {
                  "name": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64 (nodejs:20)",
                  "product_id": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
                "product": {
                  "name": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64 (nodejs:20)",
                  "product_id": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
                "product": {
                  "name": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64 (nodejs:20)",
                  "product_id": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
                "product": {
                  "name": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64 (nodejs:20)",
                  "product_id": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.5.0-1.20.12.2.2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
                "product": {
                  "name": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le (nodejs:20)",
                  "product_id": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
                "product": {
                  "name": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le (nodejs:20)",
                  "product_id": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
                "product": {
                  "name": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le (nodejs:20)",
                  "product_id": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
                "product": {
                  "name": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le (nodejs:20)",
                  "product_id": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
                "product": {
                  "name": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le (nodejs:20)",
                  "product_id": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
                "product": {
                  "name": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le (nodejs:20)",
                  "product_id": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.5.0-1.20.12.2.2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
                "product": {
                  "name": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x (nodejs:20)",
                  "product_id": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
                "product": {
                  "name": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x (nodejs:20)",
                  "product_id": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
                "product": {
                  "name": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x (nodejs:20)",
                  "product_id": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
                "product": {
                  "name": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x (nodejs:20)",
                  "product_id": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
                "product": {
                  "name": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x (nodejs:20)",
                  "product_id": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
                "product": {
                  "name": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x (nodejs:20)",
                  "product_id": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.5.0-1.20.12.2.2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
                "product": {
                  "name": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64 (nodejs:20)",
                  "product_id": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
                "product": {
                  "name": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64 (nodejs:20)",
                  "product_id": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
                "product": {
                  "name": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64 (nodejs:20)",
                  "product_id": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
                "product": {
                  "name": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64 (nodejs:20)",
                  "product_id": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
                "product": {
                  "name": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64 (nodejs:20)",
                  "product_id": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
                "product": {
                  "name": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64 (nodejs:20)",
                  "product_id": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.5.0-1.20.12.2.2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20"
        },
        "product_reference": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20"
        },
        "product_reference": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20"
        },
        "product_reference": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20"
        },
        "product_reference": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
        },
        "product_reference": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20"
        },
        "product_reference": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20"
        },
        "product_reference": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20"
        },
        "product_reference": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
        },
        "product_reference": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20"
        },
        "product_reference": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20"
        },
        "product_reference": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20"
        },
        "product_reference": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
        },
        "product_reference": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20"
        },
        "product_reference": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20"
        },
        "product_reference": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20"
        },
        "product_reference": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
        },
        "product_reference": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20"
        },
        "product_reference": "nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20"
        },
        "product_reference": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20"
        },
        "product_reference": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20"
        },
        "product_reference": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
        },
        "product_reference": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20"
        },
        "product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20"
        },
        "product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20"
        },
        "product_reference": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20"
        },
        "product_reference": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20"
        },
        "product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20"
        },
        "product_reference": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20"
        },
        "product_reference": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20"
        },
        "product_reference": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
        },
        "product_reference": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-22025",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2024-03-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2270559"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The identified flaw in Node.js, which involves the fetch() function always decoding Brotli content regardless of its source, represents a moderate severity issue due to its potential to facilitate denial of service attacks through resource exhaustion. This vulnerability allows malicious actors to manipulate the URL parameter passed into fetch(), exploiting the consistent Brotli decoding behavior to overwhelm system memory resources. While the impact is constrained to process termination, its severity is moderated by the requirement for specific conditions, such as untrusted URLs and system configurations.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-22025"
        },
        {
          "category": "external",
          "summary": "RHBZ#2270559",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270559"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-22025",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-22025"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22025",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22025"
        }
      ],
      "release_date": "2024-03-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-09T06:29:01+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2778"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service"
    },
    {
      "cve": "CVE-2024-25629",
      "cwe": {
        "id": "CWE-127",
        "name": "Buffer Under-read"
      },
      "discovery_date": "2024-02-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2265713"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "c-ares: Out of bounds read in ares__read_line()",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat considers this a Low impact since this issue requires a specific configuration file to be configured incorrectly, meaning an attacker would need access to this configuration file to impact the server. This would normally correspond to an already compromised environment.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-25629"
        },
        {
          "category": "external",
          "summary": "RHBZ#2265713",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265713"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-25629",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-25629",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25629"
        },
        {
          "category": "external",
          "summary": "https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q",
          "url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q"
        }
      ],
      "release_date": "2024-02-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-09T06:29:01+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2778"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "c-ares: Out of bounds read in ares__read_line()"
    },
    {
      "cve": "CVE-2024-27982",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2024-04-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2275392"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: HTTP Request Smuggling via Content Length Obfuscation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The HTTP request smuggling vulnerability in Node.js, stemming from Content-Length header obfuscation, is categorized as moderate severity due to its potential impact on the security and integrity of web applications. While the vulnerability can allow for the smuggling of secondary HTTP requests, leading to potential bypassing of security controls and injection of malicious content, its exploitation requires specific conditions and configurations to be met. Successful exploitation relies on the server\u0027s handling of malformed headers and the presence of web caching mechanisms susceptible to poisoning. Though the risk is notable and could facilitate attacks like XSS and cache poisoning, its moderate severity status suggests that while it warrants attention and mitigation, it might not pose an immediate, widespread threat under all circumstances.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-27982"
        },
        {
          "category": "external",
          "summary": "RHBZ#2275392",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275392"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-27982",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27982",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27982"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases",
          "url": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases"
        }
      ],
      "release_date": "2024-04-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-09T06:29:01+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2778"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: HTTP Request Smuggling via Content Length Obfuscation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Bartek Nowotarski"
          ],
          "organization": "nowotarski.info"
        }
      ],
      "cve": "CVE-2024-27983",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2024-04-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2272764"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: CONTINUATION frames DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat rates the security impact of this vulnerability as Important due to the worst-case scenario resulting in a denial of service, in alignment with the upstream Node.js project. It is simple to exploit, could significantly impact availability, and there is no reasonable mitigation. Once an attack has ended, the system should return to normal operations on its own.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-27983"
        },
        {
          "category": "external",
          "summary": "RHBZ#2272764",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272764"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-27983",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27983",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27983"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases",
          "url": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases"
        },
        {
          "category": "external",
          "summary": "https://nowotarski.info/http2-continuation-flood/",
          "url": "https://nowotarski.info/http2-continuation-flood/"
        },
        {
          "category": "external",
          "summary": "https://www.kb.cert.org/vuls/id/421644",
          "url": "https://www.kb.cert.org/vuls/id/421644"
        }
      ],
      "release_date": "2024-04-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-09T06:29:01+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2778"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "nodejs: CONTINUATION frames DoS"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Bartek Nowotarski"
          ],
          "organization": "nowotarski.info"
        }
      ],
      "cve": "CVE-2024-28182",
      "cwe": {
        "id": "CWE-390",
        "name": "Detection of Error Condition Without Action"
      },
      "discovery_date": "2024-03-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2268639"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nghttp2: CONTINUATION frames DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat rates the security impact of this vulnerability as Moderate, in alignment with upstream nghttp2. The worst case scenario is excessive CPU utilization causing a denial of service. Once an attack has ended, the system should return to normal operations on its own.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-28182"
        },
        {
          "category": "external",
          "summary": "RHBZ#2268639",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268639"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-28182",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28182",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28182"
        },
        {
          "category": "external",
          "summary": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q",
          "url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q"
        },
        {
          "category": "external",
          "summary": "https://nowotarski.info/http2-continuation-flood/",
          "url": "https://nowotarski.info/http2-continuation-flood/"
        },
        {
          "category": "external",
          "summary": "https://www.kb.cert.org/vuls/id/421644",
          "url": "https://www.kb.cert.org/vuls/id/421644"
        }
      ],
      "release_date": "2024-04-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-09T06:29:01+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2778"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nghttp2: CONTINUATION frames DoS"
    }
  ]
}

RHSA-2024:2779

Vulnerability from csaf_redhat - Published: 2024-05-09 06:26 - Updated: 2026-03-18 02:38

Summary

Red Hat Security Advisory: nodejs:18 security update

Severity

Important

Notes

Topic: An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * nodejs: CONTINUATION frames DoS (CVE-2024-27983) * nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service (CVE-2024-22025) * nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982) * nghttp2: CONTINUATION frames DoS (CVE-2024-28182) * c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-22025

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-25629

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE-127 - Buffer Under-read

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround

Threats

Impact Low

CVE-2024-27982

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-27983

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2024-28182

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-390 - Detection of Error Condition Without Action

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround

Threats

Impact Moderate

References

33 references

URL	Category
https://access.redhat.com/errata/RHSA-2024:2779	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2265713	external
https://bugzilla.redhat.com/show_bug.cgi?id=2268639	external
https://bugzilla.redhat.com/show_bug.cgi?id=2270559	external
https://bugzilla.redhat.com/show_bug.cgi?id=2272764	external
https://bugzilla.redhat.com/show_bug.cgi?id=2275392	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2024-22025	self
https://bugzilla.redhat.com/show_bug.cgi?id=2270559	external
https://www.cve.org/CVERecord?id=CVE-2024-22025	external
https://nvd.nist.gov/vuln/detail/CVE-2024-22025	external
https://access.redhat.com/security/cve/CVE-2024-25629	self
https://bugzilla.redhat.com/show_bug.cgi?id=2265713	external
https://www.cve.org/CVERecord?id=CVE-2024-25629	external
https://nvd.nist.gov/vuln/detail/CVE-2024-25629	external
https://github.com/c-ares/c-ares/security/advisor…	external
https://access.redhat.com/security/cve/CVE-2024-27982	self
https://bugzilla.redhat.com/show_bug.cgi?id=2275392	external
https://www.cve.org/CVERecord?id=CVE-2024-27982	external
https://nvd.nist.gov/vuln/detail/CVE-2024-27982	external
https://nodejs.org/en/blog/vulnerability/april-20…	external
https://access.redhat.com/security/cve/CVE-2024-27983	self
https://bugzilla.redhat.com/show_bug.cgi?id=2272764	external
https://www.cve.org/CVERecord?id=CVE-2024-27983	external
https://nvd.nist.gov/vuln/detail/CVE-2024-27983	external
https://nowotarski.info/http2-continuation-flood/	external
https://www.kb.cert.org/vuls/id/421644	external
https://access.redhat.com/security/cve/CVE-2024-28182	self
https://bugzilla.redhat.com/show_bug.cgi?id=2268639	external
https://www.cve.org/CVERecord?id=CVE-2024-28182	external
https://nvd.nist.gov/vuln/detail/CVE-2024-28182	external
https://github.com/nghttp2/nghttp2/security/advis…	external

Acknowledgments

nowotarski.info Bartek Nowotarski

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* nodejs: CONTINUATION frames DoS (CVE-2024-27983)\n\n* nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service (CVE-2024-22025)\n\n* nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982)\n\n* nghttp2: CONTINUATION frames DoS (CVE-2024-28182)\n\n* c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:2779",
        "url": "https://access.redhat.com/errata/RHSA-2024:2779"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2265713",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265713"
      },
      {
        "category": "external",
        "summary": "2268639",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268639"
      },
      {
        "category": "external",
        "summary": "2270559",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270559"
      },
      {
        "category": "external",
        "summary": "2272764",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272764"
      },
      {
        "category": "external",
        "summary": "2275392",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275392"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2779.json"
      }
    ],
    "title": "Red Hat Security Advisory: nodejs:18 security update",
    "tracking": {
      "current_release_date": "2026-03-18T02:38:51+00:00",
      "generator": {
        "date": "2026-03-18T02:38:51+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.3"
        }
      },
      "id": "RHSA-2024:2779",
      "initial_release_date": "2024-05-09T06:26:16+00:00",
      "revision_history": [
        {
          "date": "2024-05-09T06:26:16+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-05-09T06:26:16+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-03-18T02:38:51+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 9)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 9)",
                  "product_id": "AppStream-9.4.0.Z.MAIN.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src (nodejs:18)",
                  "product_id": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=src\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
                "product": {
                  "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src (nodejs:18)",
                  "product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.3.0%2B19762%2Bd716bf3b?arch=src\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
                "product": {
                  "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src (nodejs:18)",
                  "product_id": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.1.0%2B15718%2Be52ec601?arch=src\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
                "product": {
                  "name": "nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch (nodejs:18)",
                  "product_id": "nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-docs@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
                "product": {
                  "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch (nodejs:18)",
                  "product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.3.0%2B19762%2Bd716bf3b?arch=noarch\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
                "product": {
                  "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch (nodejs:18)",
                  "product_id": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.1.0%2B15718%2Be52ec601?arch=noarch\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
                "product": {
                  "name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch (nodejs:18)",
                  "product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel9.1.0%2B15718%2Be52ec601?arch=noarch\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64 (nodejs:18)",
                  "product_id": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64 (nodejs:18)",
                  "product_id": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64 (nodejs:18)",
                  "product_id": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64 (nodejs:18)",
                  "product_id": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64 (nodejs:18)",
                  "product_id": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
                "product": {
                  "name": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64 (nodejs:18)",
                  "product_id": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.5.0-1.18.20.2.2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le (nodejs:18)",
                  "product_id": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le (nodejs:18)",
                  "product_id": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le (nodejs:18)",
                  "product_id": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le (nodejs:18)",
                  "product_id": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le (nodejs:18)",
                  "product_id": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
                "product": {
                  "name": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le (nodejs:18)",
                  "product_id": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.5.0-1.18.20.2.2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x (nodejs:18)",
                  "product_id": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x (nodejs:18)",
                  "product_id": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x (nodejs:18)",
                  "product_id": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x (nodejs:18)",
                  "product_id": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x (nodejs:18)",
                  "product_id": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
                "product": {
                  "name": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x (nodejs:18)",
                  "product_id": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.5.0-1.18.20.2.2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64 (nodejs:18)",
                  "product_id": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64 (nodejs:18)",
                  "product_id": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64 (nodejs:18)",
                  "product_id": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64 (nodejs:18)",
                  "product_id": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64 (nodejs:18)",
                  "product_id": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
                "product": {
                  "name": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64 (nodejs:18)",
                  "product_id": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.5.0-1.18.20.2.2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18"
        },
        "product_reference": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18"
        },
        "product_reference": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18"
        },
        "product_reference": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18"
        },
        "product_reference": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18"
        },
        "product_reference": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18"
        },
        "product_reference": "nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18"
        },
        "product_reference": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18"
        },
        "product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18"
        },
        "product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18"
        },
        "product_reference": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18"
        },
        "product_reference": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18"
        },
        "product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18"
        },
        "product_reference": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18"
        },
        "product_reference": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18"
        },
        "product_reference": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
        },
        "product_reference": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-22025",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2024-03-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2270559"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The identified flaw in Node.js, which involves the fetch() function always decoding Brotli content regardless of its source, represents a moderate severity issue due to its potential to facilitate denial of service attacks through resource exhaustion. This vulnerability allows malicious actors to manipulate the URL parameter passed into fetch(), exploiting the consistent Brotli decoding behavior to overwhelm system memory resources. While the impact is constrained to process termination, its severity is moderated by the requirement for specific conditions, such as untrusted URLs and system configurations.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-22025"
        },
        {
          "category": "external",
          "summary": "RHBZ#2270559",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270559"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-22025",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-22025"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22025",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22025"
        }
      ],
      "release_date": "2024-03-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-09T06:26:16+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2779"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service"
    },
    {
      "cve": "CVE-2024-25629",
      "cwe": {
        "id": "CWE-127",
        "name": "Buffer Under-read"
      },
      "discovery_date": "2024-02-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2265713"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "c-ares: Out of bounds read in ares__read_line()",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat considers this a Low impact since this issue requires a specific configuration file to be configured incorrectly, meaning an attacker would need access to this configuration file to impact the server. This would normally correspond to an already compromised environment.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-25629"
        },
        {
          "category": "external",
          "summary": "RHBZ#2265713",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265713"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-25629",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-25629",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25629"
        },
        {
          "category": "external",
          "summary": "https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q",
          "url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q"
        }
      ],
      "release_date": "2024-02-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-09T06:26:16+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2779"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "c-ares: Out of bounds read in ares__read_line()"
    },
    {
      "cve": "CVE-2024-27982",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2024-04-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2275392"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: HTTP Request Smuggling via Content Length Obfuscation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The HTTP request smuggling vulnerability in Node.js, stemming from Content-Length header obfuscation, is categorized as moderate severity due to its potential impact on the security and integrity of web applications. While the vulnerability can allow for the smuggling of secondary HTTP requests, leading to potential bypassing of security controls and injection of malicious content, its exploitation requires specific conditions and configurations to be met. Successful exploitation relies on the server\u0027s handling of malformed headers and the presence of web caching mechanisms susceptible to poisoning. Though the risk is notable and could facilitate attacks like XSS and cache poisoning, its moderate severity status suggests that while it warrants attention and mitigation, it might not pose an immediate, widespread threat under all circumstances.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-27982"
        },
        {
          "category": "external",
          "summary": "RHBZ#2275392",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275392"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-27982",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27982",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27982"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases",
          "url": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases"
        }
      ],
      "release_date": "2024-04-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-09T06:26:16+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2779"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: HTTP Request Smuggling via Content Length Obfuscation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Bartek Nowotarski"
          ],
          "organization": "nowotarski.info"
        }
      ],
      "cve": "CVE-2024-27983",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2024-04-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2272764"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: CONTINUATION frames DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat rates the security impact of this vulnerability as Important due to the worst-case scenario resulting in a denial of service, in alignment with the upstream Node.js project. It is simple to exploit, could significantly impact availability, and there is no reasonable mitigation. Once an attack has ended, the system should return to normal operations on its own.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-27983"
        },
        {
          "category": "external",
          "summary": "RHBZ#2272764",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272764"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-27983",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27983",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27983"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases",
          "url": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases"
        },
        {
          "category": "external",
          "summary": "https://nowotarski.info/http2-continuation-flood/",
          "url": "https://nowotarski.info/http2-continuation-flood/"
        },
        {
          "category": "external",
          "summary": "https://www.kb.cert.org/vuls/id/421644",
          "url": "https://www.kb.cert.org/vuls/id/421644"
        }
      ],
      "release_date": "2024-04-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-09T06:26:16+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2779"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "nodejs: CONTINUATION frames DoS"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Bartek Nowotarski"
          ],
          "organization": "nowotarski.info"
        }
      ],
      "cve": "CVE-2024-28182",
      "cwe": {
        "id": "CWE-390",
        "name": "Detection of Error Condition Without Action"
      },
      "discovery_date": "2024-03-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2268639"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nghttp2: CONTINUATION frames DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat rates the security impact of this vulnerability as Moderate, in alignment with upstream nghttp2. The worst case scenario is excessive CPU utilization causing a denial of service. Once an attack has ended, the system should return to normal operations on its own.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-28182"
        },
        {
          "category": "external",
          "summary": "RHBZ#2268639",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268639"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-28182",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28182",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28182"
        },
        {
          "category": "external",
          "summary": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q",
          "url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q"
        },
        {
          "category": "external",
          "summary": "https://nowotarski.info/http2-continuation-flood/",
          "url": "https://nowotarski.info/http2-continuation-flood/"
        },
        {
          "category": "external",
          "summary": "https://www.kb.cert.org/vuls/id/421644",
          "url": "https://www.kb.cert.org/vuls/id/421644"
        }
      ],
      "release_date": "2024-04-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-09T06:26:16+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2779"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nghttp2: CONTINUATION frames DoS"
    }
  ]
}

RHSA-2024:2780

Vulnerability from csaf_redhat - Published: 2024-05-09 06:30 - Updated: 2026-03-18 02:38

Summary

Red Hat Security Advisory: nodejs:18 security update

Severity

Important

Notes

Topic: An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

CVE-2024-22025

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-25629

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE-127 - Buffer Under-read

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18	—	Vendor Fix fix Workaround

Threats

Impact Low

CVE-2024-27982

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-27983

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2024-28182

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-390 - Detection of Error Condition Without Action

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18	—	Vendor Fix fix Workaround

Threats

Impact Moderate

References

33 references

URL	Category
https://access.redhat.com/errata/RHSA-2024:2780	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2265713	external
https://bugzilla.redhat.com/show_bug.cgi?id=2268639	external
https://bugzilla.redhat.com/show_bug.cgi?id=2270559	external
https://bugzilla.redhat.com/show_bug.cgi?id=2272764	external
https://bugzilla.redhat.com/show_bug.cgi?id=2275392	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2024-22025	self
https://bugzilla.redhat.com/show_bug.cgi?id=2270559	external
https://www.cve.org/CVERecord?id=CVE-2024-22025	external
https://nvd.nist.gov/vuln/detail/CVE-2024-22025	external
https://access.redhat.com/security/cve/CVE-2024-25629	self
https://bugzilla.redhat.com/show_bug.cgi?id=2265713	external
https://www.cve.org/CVERecord?id=CVE-2024-25629	external
https://nvd.nist.gov/vuln/detail/CVE-2024-25629	external
https://github.com/c-ares/c-ares/security/advisor…	external
https://access.redhat.com/security/cve/CVE-2024-27982	self
https://bugzilla.redhat.com/show_bug.cgi?id=2275392	external
https://www.cve.org/CVERecord?id=CVE-2024-27982	external
https://nvd.nist.gov/vuln/detail/CVE-2024-27982	external
https://nodejs.org/en/blog/vulnerability/april-20…	external
https://access.redhat.com/security/cve/CVE-2024-27983	self
https://bugzilla.redhat.com/show_bug.cgi?id=2272764	external
https://www.cve.org/CVERecord?id=CVE-2024-27983	external
https://nvd.nist.gov/vuln/detail/CVE-2024-27983	external
https://nowotarski.info/http2-continuation-flood/	external
https://www.kb.cert.org/vuls/id/421644	external
https://access.redhat.com/security/cve/CVE-2024-28182	self
https://bugzilla.redhat.com/show_bug.cgi?id=2268639	external
https://www.cve.org/CVERecord?id=CVE-2024-28182	external
https://nvd.nist.gov/vuln/detail/CVE-2024-28182	external
https://github.com/nghttp2/nghttp2/security/advis…	external

Acknowledgments

nowotarski.info Bartek Nowotarski

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* nodejs: CONTINUATION frames DoS (CVE-2024-27983)\n\n* nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service (CVE-2024-22025)\n\n* nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982)\n\n* nghttp2: CONTINUATION frames DoS (CVE-2024-28182)\n\n* c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:2780",
        "url": "https://access.redhat.com/errata/RHSA-2024:2780"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2265713",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265713"
      },
      {
        "category": "external",
        "summary": "2268639",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268639"
      },
      {
        "category": "external",
        "summary": "2270559",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270559"
      },
      {
        "category": "external",
        "summary": "2272764",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272764"
      },
      {
        "category": "external",
        "summary": "2275392",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275392"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2780.json"
      }
    ],
    "title": "Red Hat Security Advisory: nodejs:18 security update",
    "tracking": {
      "current_release_date": "2026-03-18T02:38:53+00:00",
      "generator": {
        "date": "2026-03-18T02:38:53+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.3"
        }
      },
      "id": "RHSA-2024:2780",
      "initial_release_date": "2024-05-09T06:30:11+00:00",
      "revision_history": [
        {
          "date": "2024-05-09T06:30:11+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-05-09T06:30:11+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-03-18T02:38:53+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 8)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 8)",
                  "product_id": "AppStream-8.9.0.Z.MAIN",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.src::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.src (nodejs:18)",
                  "product_id": "nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.src::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.20.2-1.module%2Bel8.9.0%2B21767%2B537f34ee?arch=src\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240429131734:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
                "product": {
                  "name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src (nodejs:18)",
                  "product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.9.0%2B21190%2B5ebd2c33?arch=src\u0026rpmmod=nodejs:18:8090020240429131734:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
                "product": {
                  "name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src (nodejs:18)",
                  "product_id": "nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.9.0%2B21190%2B5ebd2c33?arch=src\u0026rpmmod=nodejs:18:8090020240429131734:a75119d5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-docs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.noarch::nodejs:18",
                "product": {
                  "name": "nodejs-docs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.noarch (nodejs:18)",
                  "product_id": "nodejs-docs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.noarch::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-docs@18.20.2-1.module%2Bel8.9.0%2B21767%2B537f34ee?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240429131734:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
                "product": {
                  "name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch (nodejs:18)",
                  "product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.9.0%2B21190%2B5ebd2c33?arch=noarch\u0026rpmmod=nodejs:18:8090020240429131734:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
                "product": {
                  "name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch (nodejs:18)",
                  "product_id": "nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.9.0%2B21190%2B5ebd2c33?arch=noarch\u0026rpmmod=nodejs:18:8090020240429131734:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
                "product": {
                  "name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch (nodejs:18)",
                  "product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel8.9.0%2B21190%2B5ebd2c33?arch=noarch\u0026rpmmod=nodejs:18:8090020240429131734:a75119d5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64 (nodejs:18)",
                  "product_id": "nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.20.2-1.module%2Bel8.9.0%2B21767%2B537f34ee?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240429131734:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64 (nodejs:18)",
                  "product_id": "nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.2-1.module%2Bel8.9.0%2B21767%2B537f34ee?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240429131734:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64 (nodejs:18)",
                  "product_id": "nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.2-1.module%2Bel8.9.0%2B21767%2B537f34ee?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240429131734:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64 (nodejs:18)",
                  "product_id": "nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.20.2-1.module%2Bel8.9.0%2B21767%2B537f34ee?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240429131734:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64 (nodejs:18)",
                  "product_id": "nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.2-1.module%2Bel8.9.0%2B21767%2B537f34ee?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240429131734:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
                "product": {
                  "name": "npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.aarch64 (nodejs:18)",
                  "product_id": "npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.5.0-1.18.20.2.1.module%2Bel8.9.0%2B21767%2B537f34ee?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240429131734:a75119d5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le (nodejs:18)",
                  "product_id": "nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.20.2-1.module%2Bel8.9.0%2B21767%2B537f34ee?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240429131734:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le (nodejs:18)",
                  "product_id": "nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.2-1.module%2Bel8.9.0%2B21767%2B537f34ee?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240429131734:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le (nodejs:18)",
                  "product_id": "nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.2-1.module%2Bel8.9.0%2B21767%2B537f34ee?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240429131734:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le (nodejs:18)",
                  "product_id": "nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.20.2-1.module%2Bel8.9.0%2B21767%2B537f34ee?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240429131734:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le (nodejs:18)",
                  "product_id": "nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.2-1.module%2Bel8.9.0%2B21767%2B537f34ee?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240429131734:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
                "product": {
                  "name": "npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.ppc64le (nodejs:18)",
                  "product_id": "npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.5.0-1.18.20.2.1.module%2Bel8.9.0%2B21767%2B537f34ee?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240429131734:a75119d5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x (nodejs:18)",
                  "product_id": "nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.20.2-1.module%2Bel8.9.0%2B21767%2B537f34ee?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240429131734:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x (nodejs:18)",
                  "product_id": "nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.2-1.module%2Bel8.9.0%2B21767%2B537f34ee?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240429131734:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x (nodejs:18)",
                  "product_id": "nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.2-1.module%2Bel8.9.0%2B21767%2B537f34ee?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240429131734:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x (nodejs:18)",
                  "product_id": "nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.20.2-1.module%2Bel8.9.0%2B21767%2B537f34ee?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240429131734:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x (nodejs:18)",
                  "product_id": "nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.2-1.module%2Bel8.9.0%2B21767%2B537f34ee?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240429131734:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
                "product": {
                  "name": "npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.s390x (nodejs:18)",
                  "product_id": "npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.5.0-1.18.20.2.1.module%2Bel8.9.0%2B21767%2B537f34ee?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240429131734:a75119d5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64 (nodejs:18)",
                  "product_id": "nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.20.2-1.module%2Bel8.9.0%2B21767%2B537f34ee?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240429131734:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64 (nodejs:18)",
                  "product_id": "nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.2-1.module%2Bel8.9.0%2B21767%2B537f34ee?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240429131734:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64 (nodejs:18)",
                  "product_id": "nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.2-1.module%2Bel8.9.0%2B21767%2B537f34ee?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240429131734:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64 (nodejs:18)",
                  "product_id": "nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.20.2-1.module%2Bel8.9.0%2B21767%2B537f34ee?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240429131734:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64 (nodejs:18)",
                  "product_id": "nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.2-1.module%2Bel8.9.0%2B21767%2B537f34ee?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240429131734:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
                "product": {
                  "name": "npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.x86_64 (nodejs:18)",
                  "product_id": "npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.5.0-1.18.20.2.1.module%2Bel8.9.0%2B21767%2B537f34ee?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240429131734:a75119d5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18"
        },
        "product_reference": "nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.src (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.src::nodejs:18"
        },
        "product_reference": "nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.src::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18"
        },
        "product_reference": "nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18"
        },
        "product_reference": "nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18"
        },
        "product_reference": "nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-docs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.noarch::nodejs:18"
        },
        "product_reference": "nodejs-docs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.noarch::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18"
        },
        "product_reference": "nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18"
        },
        "product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18"
        },
        "product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18"
        },
        "product_reference": "nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18"
        },
        "product_reference": "nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18"
        },
        "product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18"
        },
        "product_reference": "npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18"
        },
        "product_reference": "npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18"
        },
        "product_reference": "npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18"
        },
        "product_reference": "npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-22025",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2024-03-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2270559"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The identified flaw in Node.js, which involves the fetch() function always decoding Brotli content regardless of its source, represents a moderate severity issue due to its potential to facilitate denial of service attacks through resource exhaustion. This vulnerability allows malicious actors to manipulate the URL parameter passed into fetch(), exploiting the consistent Brotli decoding behavior to overwhelm system memory resources. While the impact is constrained to process termination, its severity is moderated by the requirement for specific conditions, such as untrusted URLs and system configurations.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.src::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.noarch::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-22025"
        },
        {
          "category": "external",
          "summary": "RHBZ#2270559",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270559"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-22025",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-22025"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22025",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22025"
        }
      ],
      "release_date": "2024-03-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-09T06:30:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2780"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service"
    },
    {
      "cve": "CVE-2024-25629",
      "cwe": {
        "id": "CWE-127",
        "name": "Buffer Under-read"
      },
      "discovery_date": "2024-02-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2265713"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "c-ares: Out of bounds read in ares__read_line()",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat considers this a Low impact since this issue requires a specific configuration file to be configured incorrectly, meaning an attacker would need access to this configuration file to impact the server. This would normally correspond to an already compromised environment.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.src::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.noarch::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-25629"
        },
        {
          "category": "external",
          "summary": "RHBZ#2265713",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265713"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-25629",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-25629",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25629"
        },
        {
          "category": "external",
          "summary": "https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q",
          "url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q"
        }
      ],
      "release_date": "2024-02-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-09T06:30:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2780"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "c-ares: Out of bounds read in ares__read_line()"
    },
    {
      "cve": "CVE-2024-27982",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2024-04-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2275392"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: HTTP Request Smuggling via Content Length Obfuscation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The HTTP request smuggling vulnerability in Node.js, stemming from Content-Length header obfuscation, is categorized as moderate severity due to its potential impact on the security and integrity of web applications. While the vulnerability can allow for the smuggling of secondary HTTP requests, leading to potential bypassing of security controls and injection of malicious content, its exploitation requires specific conditions and configurations to be met. Successful exploitation relies on the server\u0027s handling of malformed headers and the presence of web caching mechanisms susceptible to poisoning. Though the risk is notable and could facilitate attacks like XSS and cache poisoning, its moderate severity status suggests that while it warrants attention and mitigation, it might not pose an immediate, widespread threat under all circumstances.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.src::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.noarch::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-27982"
        },
        {
          "category": "external",
          "summary": "RHBZ#2275392",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275392"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-27982",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27982",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27982"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases",
          "url": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases"
        }
      ],
      "release_date": "2024-04-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-09T06:30:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2780"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: HTTP Request Smuggling via Content Length Obfuscation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Bartek Nowotarski"
          ],
          "organization": "nowotarski.info"
        }
      ],
      "cve": "CVE-2024-27983",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2024-04-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2272764"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: CONTINUATION frames DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat rates the security impact of this vulnerability as Important due to the worst-case scenario resulting in a denial of service, in alignment with the upstream Node.js project. It is simple to exploit, could significantly impact availability, and there is no reasonable mitigation. Once an attack has ended, the system should return to normal operations on its own.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.src::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.noarch::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-27983"
        },
        {
          "category": "external",
          "summary": "RHBZ#2272764",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272764"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-27983",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27983",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27983"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases",
          "url": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases"
        },
        {
          "category": "external",
          "summary": "https://nowotarski.info/http2-continuation-flood/",
          "url": "https://nowotarski.info/http2-continuation-flood/"
        },
        {
          "category": "external",
          "summary": "https://www.kb.cert.org/vuls/id/421644",
          "url": "https://www.kb.cert.org/vuls/id/421644"
        }
      ],
      "release_date": "2024-04-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-09T06:30:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2780"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "nodejs: CONTINUATION frames DoS"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Bartek Nowotarski"
          ],
          "organization": "nowotarski.info"
        }
      ],
      "cve": "CVE-2024-28182",
      "cwe": {
        "id": "CWE-390",
        "name": "Detection of Error Condition Without Action"
      },
      "discovery_date": "2024-03-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2268639"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nghttp2: CONTINUATION frames DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat rates the security impact of this vulnerability as Moderate, in alignment with upstream nghttp2. The worst case scenario is excessive CPU utilization causing a denial of service. Once an attack has ended, the system should return to normal operations on its own.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.src::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.noarch::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-28182"
        },
        {
          "category": "external",
          "summary": "RHBZ#2268639",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268639"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-28182",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28182",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28182"
        },
        {
          "category": "external",
          "summary": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q",
          "url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q"
        },
        {
          "category": "external",
          "summary": "https://nowotarski.info/http2-continuation-flood/",
          "url": "https://nowotarski.info/http2-continuation-flood/"
        },
        {
          "category": "external",
          "summary": "https://www.kb.cert.org/vuls/id/421644",
          "url": "https://www.kb.cert.org/vuls/id/421644"
        }
      ],
      "release_date": "2024-04-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-09T06:30:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2780"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.20.2-1.module+el8.9.0+21767+537f34ee.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.20.2-1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.18.20.2.1.module+el8.9.0+21767+537f34ee.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nghttp2: CONTINUATION frames DoS"
    }
  ]
}

RHSA-2024:2853

Vulnerability from csaf_redhat - Published: 2024-05-15 11:35 - Updated: 2026-03-18 02:38

Summary

Red Hat Security Advisory: nodejs:20 security update

Severity

Important

Notes

Topic: An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

CVE-2024-22025

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-25629

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE-127 - Buffer Under-read

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20	—	Vendor Fix fix Workaround

Threats

Impact Low

CVE-2024-27982

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-27983

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2024-28182

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-390 - Detection of Error Condition Without Action

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20	—	Vendor Fix fix Workaround

Threats

Impact Moderate

References

33 references

URL	Category
https://access.redhat.com/errata/RHSA-2024:2853	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2265713	external
https://bugzilla.redhat.com/show_bug.cgi?id=2268639	external
https://bugzilla.redhat.com/show_bug.cgi?id=2270559	external
https://bugzilla.redhat.com/show_bug.cgi?id=2272764	external
https://bugzilla.redhat.com/show_bug.cgi?id=2275392	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2024-22025	self
https://bugzilla.redhat.com/show_bug.cgi?id=2270559	external
https://www.cve.org/CVERecord?id=CVE-2024-22025	external
https://nvd.nist.gov/vuln/detail/CVE-2024-22025	external
https://access.redhat.com/security/cve/CVE-2024-25629	self
https://bugzilla.redhat.com/show_bug.cgi?id=2265713	external
https://www.cve.org/CVERecord?id=CVE-2024-25629	external
https://nvd.nist.gov/vuln/detail/CVE-2024-25629	external
https://github.com/c-ares/c-ares/security/advisor…	external
https://access.redhat.com/security/cve/CVE-2024-27982	self
https://bugzilla.redhat.com/show_bug.cgi?id=2275392	external
https://www.cve.org/CVERecord?id=CVE-2024-27982	external
https://nvd.nist.gov/vuln/detail/CVE-2024-27982	external
https://nodejs.org/en/blog/vulnerability/april-20…	external
https://access.redhat.com/security/cve/CVE-2024-27983	self
https://bugzilla.redhat.com/show_bug.cgi?id=2272764	external
https://www.cve.org/CVERecord?id=CVE-2024-27983	external
https://nvd.nist.gov/vuln/detail/CVE-2024-27983	external
https://nowotarski.info/http2-continuation-flood/	external
https://www.kb.cert.org/vuls/id/421644	external
https://access.redhat.com/security/cve/CVE-2024-28182	self
https://bugzilla.redhat.com/show_bug.cgi?id=2268639	external
https://www.cve.org/CVERecord?id=CVE-2024-28182	external
https://nvd.nist.gov/vuln/detail/CVE-2024-28182	external
https://github.com/nghttp2/nghttp2/security/advis…	external

Acknowledgments

nowotarski.info Bartek Nowotarski

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives\na detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Node.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language.\n\nSecurity Fix(es):\n\n* c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629)\n\n* nghttp2: CONTINUATION frames DoS (CVE-2024-28182)\n\n* nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service (CVE-2024-22025)\n\n* nodejs: CONTINUATION frames DoS (CVE-2024-27983)\n\n* nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:2853",
        "url": "https://access.redhat.com/errata/RHSA-2024:2853"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2265713",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265713"
      },
      {
        "category": "external",
        "summary": "2268639",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268639"
      },
      {
        "category": "external",
        "summary": "2270559",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270559"
      },
      {
        "category": "external",
        "summary": "2272764",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272764"
      },
      {
        "category": "external",
        "summary": "2275392",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275392"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2853.json"
      }
    ],
    "title": "Red Hat Security Advisory: nodejs:20 security update",
    "tracking": {
      "current_release_date": "2026-03-18T02:38:35+00:00",
      "generator": {
        "date": "2026-03-18T02:38:35+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.3"
        }
      },
      "id": "RHSA-2024:2853",
      "initial_release_date": "2024-05-15T11:35:08+00:00",
      "revision_history": [
        {
          "date": "2024-05-15T11:35:08+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-05-15T11:35:08+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-03-18T02:38:35+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 9)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 9)",
                  "product_id": "AppStream-9.4.0.Z.MAIN.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.src::nodejs:20",
                "product": {
                  "name": "nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.src (nodejs:20)",
                  "product_id": "nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.src::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@20.12.2-2.module%2Bel9.4.0%2B21731%2B46b5b8a7?arch=src\u0026epoch=1\u0026rpmmod=nodejs:20:9040020240419140200:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
                "product": {
                  "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src (nodejs:20)",
                  "product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.3.0.z%2B20478%2B84a9f781?arch=src\u0026rpmmod=nodejs:20:9040020240419140200:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
                "product": {
                  "name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src (nodejs:20)",
                  "product_id": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.3.0%2B19518%2B63aad52d?arch=src\u0026rpmmod=nodejs:20:9040020240419140200:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-docs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.noarch::nodejs:20",
                "product": {
                  "name": "nodejs-docs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.noarch (nodejs:20)",
                  "product_id": "nodejs-docs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.noarch::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-docs@20.12.2-2.module%2Bel9.4.0%2B21731%2B46b5b8a7?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:20:9040020240419140200:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
                "product": {
                  "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch (nodejs:20)",
                  "product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.3.0.z%2B20478%2B84a9f781?arch=noarch\u0026rpmmod=nodejs:20:9040020240419140200:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
                "product": {
                  "name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch (nodejs:20)",
                  "product_id": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.3.0%2B19518%2B63aad52d?arch=noarch\u0026rpmmod=nodejs:20:9040020240419140200:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
                "product": {
                  "name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch (nodejs:20)",
                  "product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel9.3.0%2B19518%2B63aad52d?arch=noarch\u0026rpmmod=nodejs:20:9040020240419140200:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
                "product": {
                  "name": "nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64 (nodejs:20)",
                  "product_id": "nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@20.12.2-2.module%2Bel9.4.0%2B21731%2B46b5b8a7?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:9040020240419140200:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
                "product": {
                  "name": "nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64 (nodejs:20)",
                  "product_id": "nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@20.12.2-2.module%2Bel9.4.0%2B21731%2B46b5b8a7?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:9040020240419140200:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
                "product": {
                  "name": "nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64 (nodejs:20)",
                  "product_id": "nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@20.12.2-2.module%2Bel9.4.0%2B21731%2B46b5b8a7?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:9040020240419140200:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
                "product": {
                  "name": "nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64 (nodejs:20)",
                  "product_id": "nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@20.12.2-2.module%2Bel9.4.0%2B21731%2B46b5b8a7?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:9040020240419140200:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
                "product": {
                  "name": "nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64 (nodejs:20)",
                  "product_id": "nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@20.12.2-2.module%2Bel9.4.0%2B21731%2B46b5b8a7?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:9040020240419140200:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
                "product": {
                  "name": "npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.aarch64 (nodejs:20)",
                  "product_id": "npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.5.0-1.20.12.2.2.module%2Bel9.4.0%2B21731%2B46b5b8a7?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:9040020240419140200:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
                "product": {
                  "name": "nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le (nodejs:20)",
                  "product_id": "nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@20.12.2-2.module%2Bel9.4.0%2B21731%2B46b5b8a7?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:9040020240419140200:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
                "product": {
                  "name": "nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le (nodejs:20)",
                  "product_id": "nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@20.12.2-2.module%2Bel9.4.0%2B21731%2B46b5b8a7?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:9040020240419140200:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
                "product": {
                  "name": "nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le (nodejs:20)",
                  "product_id": "nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@20.12.2-2.module%2Bel9.4.0%2B21731%2B46b5b8a7?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:9040020240419140200:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
                "product": {
                  "name": "nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le (nodejs:20)",
                  "product_id": "nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@20.12.2-2.module%2Bel9.4.0%2B21731%2B46b5b8a7?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:9040020240419140200:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
                "product": {
                  "name": "nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le (nodejs:20)",
                  "product_id": "nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@20.12.2-2.module%2Bel9.4.0%2B21731%2B46b5b8a7?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:9040020240419140200:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
                "product": {
                  "name": "npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.ppc64le (nodejs:20)",
                  "product_id": "npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.5.0-1.20.12.2.2.module%2Bel9.4.0%2B21731%2B46b5b8a7?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:9040020240419140200:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
                "product": {
                  "name": "nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x (nodejs:20)",
                  "product_id": "nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@20.12.2-2.module%2Bel9.4.0%2B21731%2B46b5b8a7?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:9040020240419140200:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
                "product": {
                  "name": "nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x (nodejs:20)",
                  "product_id": "nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@20.12.2-2.module%2Bel9.4.0%2B21731%2B46b5b8a7?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:9040020240419140200:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
                "product": {
                  "name": "nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x (nodejs:20)",
                  "product_id": "nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@20.12.2-2.module%2Bel9.4.0%2B21731%2B46b5b8a7?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:9040020240419140200:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
                "product": {
                  "name": "nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x (nodejs:20)",
                  "product_id": "nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@20.12.2-2.module%2Bel9.4.0%2B21731%2B46b5b8a7?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:9040020240419140200:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
                "product": {
                  "name": "nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x (nodejs:20)",
                  "product_id": "nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@20.12.2-2.module%2Bel9.4.0%2B21731%2B46b5b8a7?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:9040020240419140200:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
                "product": {
                  "name": "npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.s390x (nodejs:20)",
                  "product_id": "npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.5.0-1.20.12.2.2.module%2Bel9.4.0%2B21731%2B46b5b8a7?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:9040020240419140200:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
                "product": {
                  "name": "nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64 (nodejs:20)",
                  "product_id": "nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@20.12.2-2.module%2Bel9.4.0%2B21731%2B46b5b8a7?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:9040020240419140200:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
                "product": {
                  "name": "nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64 (nodejs:20)",
                  "product_id": "nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@20.12.2-2.module%2Bel9.4.0%2B21731%2B46b5b8a7?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:9040020240419140200:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
                "product": {
                  "name": "nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64 (nodejs:20)",
                  "product_id": "nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@20.12.2-2.module%2Bel9.4.0%2B21731%2B46b5b8a7?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:9040020240419140200:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
                "product": {
                  "name": "nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64 (nodejs:20)",
                  "product_id": "nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@20.12.2-2.module%2Bel9.4.0%2B21731%2B46b5b8a7?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:9040020240419140200:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
                "product": {
                  "name": "nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64 (nodejs:20)",
                  "product_id": "nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@20.12.2-2.module%2Bel9.4.0%2B21731%2B46b5b8a7?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:9040020240419140200:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
                "product": {
                  "name": "npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.x86_64 (nodejs:20)",
                  "product_id": "npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.5.0-1.20.12.2.2.module%2Bel9.4.0%2B21731%2B46b5b8a7?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:9040020240419140200:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20"
        },
        "product_reference": "nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20"
        },
        "product_reference": "nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20"
        },
        "product_reference": "nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.src (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.src::nodejs:20"
        },
        "product_reference": "nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.src::nodejs:20",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20"
        },
        "product_reference": "nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20"
        },
        "product_reference": "nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20"
        },
        "product_reference": "nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20"
        },
        "product_reference": "nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20"
        },
        "product_reference": "nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20"
        },
        "product_reference": "nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20"
        },
        "product_reference": "nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20"
        },
        "product_reference": "nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20"
        },
        "product_reference": "nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20"
        },
        "product_reference": "nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20"
        },
        "product_reference": "nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20"
        },
        "product_reference": "nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20"
        },
        "product_reference": "nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-docs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.noarch (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.noarch::nodejs:20"
        },
        "product_reference": "nodejs-docs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.noarch::nodejs:20",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20"
        },
        "product_reference": "nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20"
        },
        "product_reference": "nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20"
        },
        "product_reference": "nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20"
        },
        "product_reference": "nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20"
        },
        "product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20"
        },
        "product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20"
        },
        "product_reference": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20"
        },
        "product_reference": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20"
        },
        "product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20"
        },
        "product_reference": "npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20"
        },
        "product_reference": "npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20"
        },
        "product_reference": "npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20"
        },
        "product_reference": "npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-22025",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2024-03-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2270559"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The identified flaw in Node.js, which involves the fetch() function always decoding Brotli content regardless of its source, represents a moderate severity issue due to its potential to facilitate denial of service attacks through resource exhaustion. This vulnerability allows malicious actors to manipulate the URL parameter passed into fetch(), exploiting the consistent Brotli decoding behavior to overwhelm system memory resources. While the impact is constrained to process termination, its severity is moderated by the requirement for specific conditions, such as untrusted URLs and system configurations.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.src::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.noarch::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-22025"
        },
        {
          "category": "external",
          "summary": "RHBZ#2270559",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270559"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-22025",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-22025"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22025",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22025"
        }
      ],
      "release_date": "2024-03-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-15T11:35:08+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2853"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service"
    },
    {
      "cve": "CVE-2024-25629",
      "cwe": {
        "id": "CWE-127",
        "name": "Buffer Under-read"
      },
      "discovery_date": "2024-02-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2265713"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "c-ares: Out of bounds read in ares__read_line()",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat considers this a Low impact since this issue requires a specific configuration file to be configured incorrectly, meaning an attacker would need access to this configuration file to impact the server. This would normally correspond to an already compromised environment.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.src::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.noarch::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-25629"
        },
        {
          "category": "external",
          "summary": "RHBZ#2265713",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265713"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-25629",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-25629",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25629"
        },
        {
          "category": "external",
          "summary": "https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q",
          "url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q"
        }
      ],
      "release_date": "2024-02-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-15T11:35:08+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2853"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "c-ares: Out of bounds read in ares__read_line()"
    },
    {
      "cve": "CVE-2024-27982",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2024-04-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2275392"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: HTTP Request Smuggling via Content Length Obfuscation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The HTTP request smuggling vulnerability in Node.js, stemming from Content-Length header obfuscation, is categorized as moderate severity due to its potential impact on the security and integrity of web applications. While the vulnerability can allow for the smuggling of secondary HTTP requests, leading to potential bypassing of security controls and injection of malicious content, its exploitation requires specific conditions and configurations to be met. Successful exploitation relies on the server\u0027s handling of malformed headers and the presence of web caching mechanisms susceptible to poisoning. Though the risk is notable and could facilitate attacks like XSS and cache poisoning, its moderate severity status suggests that while it warrants attention and mitigation, it might not pose an immediate, widespread threat under all circumstances.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.src::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.noarch::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-27982"
        },
        {
          "category": "external",
          "summary": "RHBZ#2275392",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275392"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-27982",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27982",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27982"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases",
          "url": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases"
        }
      ],
      "release_date": "2024-04-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-15T11:35:08+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2853"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: HTTP Request Smuggling via Content Length Obfuscation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Bartek Nowotarski"
          ],
          "organization": "nowotarski.info"
        }
      ],
      "cve": "CVE-2024-27983",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2024-04-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2272764"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: CONTINUATION frames DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat rates the security impact of this vulnerability as Important due to the worst-case scenario resulting in a denial of service, in alignment with the upstream Node.js project. It is simple to exploit, could significantly impact availability, and there is no reasonable mitigation. Once an attack has ended, the system should return to normal operations on its own.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.src::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.noarch::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-27983"
        },
        {
          "category": "external",
          "summary": "RHBZ#2272764",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272764"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-27983",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27983",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27983"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases",
          "url": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases"
        },
        {
          "category": "external",
          "summary": "https://nowotarski.info/http2-continuation-flood/",
          "url": "https://nowotarski.info/http2-continuation-flood/"
        },
        {
          "category": "external",
          "summary": "https://www.kb.cert.org/vuls/id/421644",
          "url": "https://www.kb.cert.org/vuls/id/421644"
        }
      ],
      "release_date": "2024-04-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-15T11:35:08+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2853"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "nodejs: CONTINUATION frames DoS"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Bartek Nowotarski"
          ],
          "organization": "nowotarski.info"
        }
      ],
      "cve": "CVE-2024-28182",
      "cwe": {
        "id": "CWE-390",
        "name": "Detection of Error Condition Without Action"
      },
      "discovery_date": "2024-03-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2268639"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nghttp2: CONTINUATION frames DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat rates the security impact of this vulnerability as Moderate, in alignment with upstream nghttp2. The worst case scenario is excessive CPU utilization causing a denial of service. Once an attack has ended, the system should return to normal operations on its own.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.src::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.noarch::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-28182"
        },
        {
          "category": "external",
          "summary": "RHBZ#2268639",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268639"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-28182",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28182",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28182"
        },
        {
          "category": "external",
          "summary": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q",
          "url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q"
        },
        {
          "category": "external",
          "summary": "https://nowotarski.info/http2-continuation-flood/",
          "url": "https://nowotarski.info/http2-continuation-flood/"
        },
        {
          "category": "external",
          "summary": "https://www.kb.cert.org/vuls/id/421644",
          "url": "https://www.kb.cert.org/vuls/id/421644"
        }
      ],
      "release_date": "2024-04-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-15T11:35:08+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2853"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.aarch64::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.ppc64le::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.s390x::nodejs:20",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7.x86_64::nodejs:20"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nghttp2: CONTINUATION frames DoS"
    }
  ]
}

RHSA-2024:2910

Vulnerability from csaf_redhat - Published: 2024-05-20 02:14 - Updated: 2026-03-18 02:38

Summary

Red Hat Security Advisory: nodejs security update

Severity

Important

Notes

Topic: An update for nodejs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

CVE-2024-22025

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 34 products

Product	Version	Remediation
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:16.20.2-8.el9_4.noarch	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-25629

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE-127 - Buffer Under-read

Affected products

Fixed 34 products

Product	Version	Remediation
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:16.20.2-8.el9_4.noarch	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Low

CVE-2024-27982

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 34 products

Product	Version	Remediation
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:16.20.2-8.el9_4.noarch	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-27983

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 34 products

Product	Version	Remediation
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:16.20.2-8.el9_4.noarch	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2024-28182

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-390 - Detection of Error Condition Without Action

Affected products

Fixed 34 products

Product	Version	Remediation
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:16.20.2-8.el9_4.noarch	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

References

33 references

URL	Category
https://access.redhat.com/errata/RHSA-2024:2910	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2265713	external
https://bugzilla.redhat.com/show_bug.cgi?id=2268639	external
https://bugzilla.redhat.com/show_bug.cgi?id=2270559	external
https://bugzilla.redhat.com/show_bug.cgi?id=2272764	external
https://bugzilla.redhat.com/show_bug.cgi?id=2275392	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2024-22025	self
https://bugzilla.redhat.com/show_bug.cgi?id=2270559	external
https://www.cve.org/CVERecord?id=CVE-2024-22025	external
https://nvd.nist.gov/vuln/detail/CVE-2024-22025	external
https://access.redhat.com/security/cve/CVE-2024-25629	self
https://bugzilla.redhat.com/show_bug.cgi?id=2265713	external
https://www.cve.org/CVERecord?id=CVE-2024-25629	external
https://nvd.nist.gov/vuln/detail/CVE-2024-25629	external
https://github.com/c-ares/c-ares/security/advisor…	external
https://access.redhat.com/security/cve/CVE-2024-27982	self
https://bugzilla.redhat.com/show_bug.cgi?id=2275392	external
https://www.cve.org/CVERecord?id=CVE-2024-27982	external
https://nvd.nist.gov/vuln/detail/CVE-2024-27982	external
https://nodejs.org/en/blog/vulnerability/april-20…	external
https://access.redhat.com/security/cve/CVE-2024-27983	self
https://bugzilla.redhat.com/show_bug.cgi?id=2272764	external
https://www.cve.org/CVERecord?id=CVE-2024-27983	external
https://nvd.nist.gov/vuln/detail/CVE-2024-27983	external
https://nowotarski.info/http2-continuation-flood/	external
https://www.kb.cert.org/vuls/id/421644	external
https://access.redhat.com/security/cve/CVE-2024-28182	self
https://bugzilla.redhat.com/show_bug.cgi?id=2268639	external
https://www.cve.org/CVERecord?id=CVE-2024-28182	external
https://nvd.nist.gov/vuln/detail/CVE-2024-28182	external
https://github.com/nghttp2/nghttp2/security/advis…	external

Acknowledgments

nowotarski.info Bartek Nowotarski

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for nodejs is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* nodejs: CONTINUATION frames DoS (CVE-2024-27983)\n\n* nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service (CVE-2024-22025)\n\n* nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982)\n\n* nghttp2: CONTINUATION frames DoS (CVE-2024-28182)\n\n* c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:2910",
        "url": "https://access.redhat.com/errata/RHSA-2024:2910"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2265713",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265713"
      },
      {
        "category": "external",
        "summary": "2268639",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268639"
      },
      {
        "category": "external",
        "summary": "2270559",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270559"
      },
      {
        "category": "external",
        "summary": "2272764",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272764"
      },
      {
        "category": "external",
        "summary": "2275392",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275392"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2910.json"
      }
    ],
    "title": "Red Hat Security Advisory: nodejs security update",
    "tracking": {
      "current_release_date": "2026-03-18T02:38:53+00:00",
      "generator": {
        "date": "2026-03-18T02:38:53+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.3"
        }
      },
      "id": "RHSA-2024:2910",
      "initial_release_date": "2024-05-20T02:14:01+00:00",
      "revision_history": [
        {
          "date": "2024-05-20T02:14:01+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-05-20T02:14:01+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-03-18T02:38:53+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 9)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 9)",
                  "product_id": "AppStream-9.4.0.Z.MAIN.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:16.20.2-8.el9_4.src",
                "product": {
                  "name": "nodejs-1:16.20.2-8.el9_4.src",
                  "product_id": "nodejs-1:16.20.2-8.el9_4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@16.20.2-8.el9_4?arch=src\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:16.20.2-8.el9_4.aarch64",
                "product": {
                  "name": "nodejs-1:16.20.2-8.el9_4.aarch64",
                  "product_id": "nodejs-1:16.20.2-8.el9_4.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@16.20.2-8.el9_4?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:16.20.2-8.el9_4.aarch64",
                "product": {
                  "name": "nodejs-full-i18n-1:16.20.2-8.el9_4.aarch64",
                  "product_id": "nodejs-full-i18n-1:16.20.2-8.el9_4.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@16.20.2-8.el9_4?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-1:16.20.2-8.el9_4.aarch64",
                "product": {
                  "name": "nodejs-libs-1:16.20.2-8.el9_4.aarch64",
                  "product_id": "nodejs-libs-1:16.20.2-8.el9_4.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs@16.20.2-8.el9_4?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:8.19.4-1.16.20.2.8.el9_4.aarch64",
                "product": {
                  "name": "npm-1:8.19.4-1.16.20.2.8.el9_4.aarch64",
                  "product_id": "npm-1:8.19.4-1.16.20.2.8.el9_4.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@8.19.4-1.16.20.2.8.el9_4?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:16.20.2-8.el9_4.aarch64",
                "product": {
                  "name": "nodejs-debugsource-1:16.20.2-8.el9_4.aarch64",
                  "product_id": "nodejs-debugsource-1:16.20.2-8.el9_4.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@16.20.2-8.el9_4?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:16.20.2-8.el9_4.aarch64",
                "product": {
                  "name": "nodejs-debuginfo-1:16.20.2-8.el9_4.aarch64",
                  "product_id": "nodejs-debuginfo-1:16.20.2-8.el9_4.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.20.2-8.el9_4?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-debuginfo-1:16.20.2-8.el9_4.aarch64",
                "product": {
                  "name": "nodejs-libs-debuginfo-1:16.20.2-8.el9_4.aarch64",
                  "product_id": "nodejs-libs-debuginfo-1:16.20.2-8.el9_4.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@16.20.2-8.el9_4?arch=aarch64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:16.20.2-8.el9_4.ppc64le",
                "product": {
                  "name": "nodejs-1:16.20.2-8.el9_4.ppc64le",
                  "product_id": "nodejs-1:16.20.2-8.el9_4.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@16.20.2-8.el9_4?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:16.20.2-8.el9_4.ppc64le",
                "product": {
                  "name": "nodejs-full-i18n-1:16.20.2-8.el9_4.ppc64le",
                  "product_id": "nodejs-full-i18n-1:16.20.2-8.el9_4.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@16.20.2-8.el9_4?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-1:16.20.2-8.el9_4.ppc64le",
                "product": {
                  "name": "nodejs-libs-1:16.20.2-8.el9_4.ppc64le",
                  "product_id": "nodejs-libs-1:16.20.2-8.el9_4.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs@16.20.2-8.el9_4?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:8.19.4-1.16.20.2.8.el9_4.ppc64le",
                "product": {
                  "name": "npm-1:8.19.4-1.16.20.2.8.el9_4.ppc64le",
                  "product_id": "npm-1:8.19.4-1.16.20.2.8.el9_4.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@8.19.4-1.16.20.2.8.el9_4?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:16.20.2-8.el9_4.ppc64le",
                "product": {
                  "name": "nodejs-debugsource-1:16.20.2-8.el9_4.ppc64le",
                  "product_id": "nodejs-debugsource-1:16.20.2-8.el9_4.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@16.20.2-8.el9_4?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
                "product": {
                  "name": "nodejs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
                  "product_id": "nodejs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.20.2-8.el9_4?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
                "product": {
                  "name": "nodejs-libs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
                  "product_id": "nodejs-libs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@16.20.2-8.el9_4?arch=ppc64le\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:16.20.2-8.el9_4.x86_64",
                "product": {
                  "name": "nodejs-1:16.20.2-8.el9_4.x86_64",
                  "product_id": "nodejs-1:16.20.2-8.el9_4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@16.20.2-8.el9_4?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:16.20.2-8.el9_4.x86_64",
                "product": {
                  "name": "nodejs-full-i18n-1:16.20.2-8.el9_4.x86_64",
                  "product_id": "nodejs-full-i18n-1:16.20.2-8.el9_4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@16.20.2-8.el9_4?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-1:16.20.2-8.el9_4.x86_64",
                "product": {
                  "name": "nodejs-libs-1:16.20.2-8.el9_4.x86_64",
                  "product_id": "nodejs-libs-1:16.20.2-8.el9_4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs@16.20.2-8.el9_4?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:8.19.4-1.16.20.2.8.el9_4.x86_64",
                "product": {
                  "name": "npm-1:8.19.4-1.16.20.2.8.el9_4.x86_64",
                  "product_id": "npm-1:8.19.4-1.16.20.2.8.el9_4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@8.19.4-1.16.20.2.8.el9_4?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:16.20.2-8.el9_4.x86_64",
                "product": {
                  "name": "nodejs-debugsource-1:16.20.2-8.el9_4.x86_64",
                  "product_id": "nodejs-debugsource-1:16.20.2-8.el9_4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@16.20.2-8.el9_4?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:16.20.2-8.el9_4.x86_64",
                "product": {
                  "name": "nodejs-debuginfo-1:16.20.2-8.el9_4.x86_64",
                  "product_id": "nodejs-debuginfo-1:16.20.2-8.el9_4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.20.2-8.el9_4?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-debuginfo-1:16.20.2-8.el9_4.x86_64",
                "product": {
                  "name": "nodejs-libs-debuginfo-1:16.20.2-8.el9_4.x86_64",
                  "product_id": "nodejs-libs-debuginfo-1:16.20.2-8.el9_4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@16.20.2-8.el9_4?arch=x86_64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-libs-1:16.20.2-8.el9_4.i686",
                "product": {
                  "name": "nodejs-libs-1:16.20.2-8.el9_4.i686",
                  "product_id": "nodejs-libs-1:16.20.2-8.el9_4.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs@16.20.2-8.el9_4?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:16.20.2-8.el9_4.i686",
                "product": {
                  "name": "nodejs-debugsource-1:16.20.2-8.el9_4.i686",
                  "product_id": "nodejs-debugsource-1:16.20.2-8.el9_4.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@16.20.2-8.el9_4?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:16.20.2-8.el9_4.i686",
                "product": {
                  "name": "nodejs-debuginfo-1:16.20.2-8.el9_4.i686",
                  "product_id": "nodejs-debuginfo-1:16.20.2-8.el9_4.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.20.2-8.el9_4?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-debuginfo-1:16.20.2-8.el9_4.i686",
                "product": {
                  "name": "nodejs-libs-debuginfo-1:16.20.2-8.el9_4.i686",
                  "product_id": "nodejs-libs-debuginfo-1:16.20.2-8.el9_4.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@16.20.2-8.el9_4?arch=i686\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:16.20.2-8.el9_4.s390x",
                "product": {
                  "name": "nodejs-1:16.20.2-8.el9_4.s390x",
                  "product_id": "nodejs-1:16.20.2-8.el9_4.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@16.20.2-8.el9_4?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:16.20.2-8.el9_4.s390x",
                "product": {
                  "name": "nodejs-full-i18n-1:16.20.2-8.el9_4.s390x",
                  "product_id": "nodejs-full-i18n-1:16.20.2-8.el9_4.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@16.20.2-8.el9_4?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-1:16.20.2-8.el9_4.s390x",
                "product": {
                  "name": "nodejs-libs-1:16.20.2-8.el9_4.s390x",
                  "product_id": "nodejs-libs-1:16.20.2-8.el9_4.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs@16.20.2-8.el9_4?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:8.19.4-1.16.20.2.8.el9_4.s390x",
                "product": {
                  "name": "npm-1:8.19.4-1.16.20.2.8.el9_4.s390x",
                  "product_id": "npm-1:8.19.4-1.16.20.2.8.el9_4.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@8.19.4-1.16.20.2.8.el9_4?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:16.20.2-8.el9_4.s390x",
                "product": {
                  "name": "nodejs-debugsource-1:16.20.2-8.el9_4.s390x",
                  "product_id": "nodejs-debugsource-1:16.20.2-8.el9_4.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@16.20.2-8.el9_4?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:16.20.2-8.el9_4.s390x",
                "product": {
                  "name": "nodejs-debuginfo-1:16.20.2-8.el9_4.s390x",
                  "product_id": "nodejs-debuginfo-1:16.20.2-8.el9_4.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.20.2-8.el9_4?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-debuginfo-1:16.20.2-8.el9_4.s390x",
                "product": {
                  "name": "nodejs-libs-debuginfo-1:16.20.2-8.el9_4.s390x",
                  "product_id": "nodejs-libs-debuginfo-1:16.20.2-8.el9_4.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@16.20.2-8.el9_4?arch=s390x\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-docs-1:16.20.2-8.el9_4.noarch",
                "product": {
                  "name": "nodejs-docs-1:16.20.2-8.el9_4.noarch",
                  "product_id": "nodejs-docs-1:16.20.2-8.el9_4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-docs@16.20.2-8.el9_4?arch=noarch\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:16.20.2-8.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.aarch64"
        },
        "product_reference": "nodejs-1:16.20.2-8.el9_4.aarch64",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:16.20.2-8.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.ppc64le"
        },
        "product_reference": "nodejs-1:16.20.2-8.el9_4.ppc64le",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:16.20.2-8.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.s390x"
        },
        "product_reference": "nodejs-1:16.20.2-8.el9_4.s390x",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:16.20.2-8.el9_4.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.src"
        },
        "product_reference": "nodejs-1:16.20.2-8.el9_4.src",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:16.20.2-8.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.x86_64"
        },
        "product_reference": "nodejs-1:16.20.2-8.el9_4.x86_64",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:16.20.2-8.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.aarch64"
        },
        "product_reference": "nodejs-debuginfo-1:16.20.2-8.el9_4.aarch64",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:16.20.2-8.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.i686"
        },
        "product_reference": "nodejs-debuginfo-1:16.20.2-8.el9_4.i686",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:16.20.2-8.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.ppc64le"
        },
        "product_reference": "nodejs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:16.20.2-8.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.s390x"
        },
        "product_reference": "nodejs-debuginfo-1:16.20.2-8.el9_4.s390x",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:16.20.2-8.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.x86_64"
        },
        "product_reference": "nodejs-debuginfo-1:16.20.2-8.el9_4.x86_64",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:16.20.2-8.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.aarch64"
        },
        "product_reference": "nodejs-debugsource-1:16.20.2-8.el9_4.aarch64",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:16.20.2-8.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.i686"
        },
        "product_reference": "nodejs-debugsource-1:16.20.2-8.el9_4.i686",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:16.20.2-8.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.ppc64le"
        },
        "product_reference": "nodejs-debugsource-1:16.20.2-8.el9_4.ppc64le",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:16.20.2-8.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.s390x"
        },
        "product_reference": "nodejs-debugsource-1:16.20.2-8.el9_4.s390x",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:16.20.2-8.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.x86_64"
        },
        "product_reference": "nodejs-debugsource-1:16.20.2-8.el9_4.x86_64",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-docs-1:16.20.2-8.el9_4.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:16.20.2-8.el9_4.noarch"
        },
        "product_reference": "nodejs-docs-1:16.20.2-8.el9_4.noarch",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:16.20.2-8.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.aarch64"
        },
        "product_reference": "nodejs-full-i18n-1:16.20.2-8.el9_4.aarch64",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:16.20.2-8.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.ppc64le"
        },
        "product_reference": "nodejs-full-i18n-1:16.20.2-8.el9_4.ppc64le",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:16.20.2-8.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.s390x"
        },
        "product_reference": "nodejs-full-i18n-1:16.20.2-8.el9_4.s390x",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:16.20.2-8.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.x86_64"
        },
        "product_reference": "nodejs-full-i18n-1:16.20.2-8.el9_4.x86_64",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-1:16.20.2-8.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.aarch64"
        },
        "product_reference": "nodejs-libs-1:16.20.2-8.el9_4.aarch64",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-1:16.20.2-8.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.i686"
        },
        "product_reference": "nodejs-libs-1:16.20.2-8.el9_4.i686",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-1:16.20.2-8.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.ppc64le"
        },
        "product_reference": "nodejs-libs-1:16.20.2-8.el9_4.ppc64le",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-1:16.20.2-8.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.s390x"
        },
        "product_reference": "nodejs-libs-1:16.20.2-8.el9_4.s390x",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-1:16.20.2-8.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.x86_64"
        },
        "product_reference": "nodejs-libs-1:16.20.2-8.el9_4.x86_64",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-debuginfo-1:16.20.2-8.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.aarch64"
        },
        "product_reference": "nodejs-libs-debuginfo-1:16.20.2-8.el9_4.aarch64",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-debuginfo-1:16.20.2-8.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.i686"
        },
        "product_reference": "nodejs-libs-debuginfo-1:16.20.2-8.el9_4.i686",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-debuginfo-1:16.20.2-8.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.ppc64le"
        },
        "product_reference": "nodejs-libs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-debuginfo-1:16.20.2-8.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.s390x"
        },
        "product_reference": "nodejs-libs-debuginfo-1:16.20.2-8.el9_4.s390x",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-debuginfo-1:16.20.2-8.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.x86_64"
        },
        "product_reference": "nodejs-libs-debuginfo-1:16.20.2-8.el9_4.x86_64",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:8.19.4-1.16.20.2.8.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.aarch64"
        },
        "product_reference": "npm-1:8.19.4-1.16.20.2.8.el9_4.aarch64",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:8.19.4-1.16.20.2.8.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.ppc64le"
        },
        "product_reference": "npm-1:8.19.4-1.16.20.2.8.el9_4.ppc64le",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:8.19.4-1.16.20.2.8.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.s390x"
        },
        "product_reference": "npm-1:8.19.4-1.16.20.2.8.el9_4.s390x",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:8.19.4-1.16.20.2.8.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.x86_64"
        },
        "product_reference": "npm-1:8.19.4-1.16.20.2.8.el9_4.x86_64",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-22025",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2024-03-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2270559"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The identified flaw in Node.js, which involves the fetch() function always decoding Brotli content regardless of its source, represents a moderate severity issue due to its potential to facilitate denial of service attacks through resource exhaustion. This vulnerability allows malicious actors to manipulate the URL parameter passed into fetch(), exploiting the consistent Brotli decoding behavior to overwhelm system memory resources. While the impact is constrained to process termination, its severity is moderated by the requirement for specific conditions, such as untrusted URLs and system configurations.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.src",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.i686",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.i686",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:16.20.2-8.el9_4.noarch",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.i686",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.i686",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-22025"
        },
        {
          "category": "external",
          "summary": "RHBZ#2270559",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270559"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-22025",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-22025"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22025",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22025"
        }
      ],
      "release_date": "2024-03-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-20T02:14:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.src",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:16.20.2-8.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2910"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.src",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:16.20.2-8.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.src",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:16.20.2-8.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service"
    },
    {
      "cve": "CVE-2024-25629",
      "cwe": {
        "id": "CWE-127",
        "name": "Buffer Under-read"
      },
      "discovery_date": "2024-02-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2265713"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "c-ares: Out of bounds read in ares__read_line()",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat considers this a Low impact since this issue requires a specific configuration file to be configured incorrectly, meaning an attacker would need access to this configuration file to impact the server. This would normally correspond to an already compromised environment.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.src",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.i686",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.i686",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:16.20.2-8.el9_4.noarch",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.i686",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.i686",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-25629"
        },
        {
          "category": "external",
          "summary": "RHBZ#2265713",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265713"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-25629",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-25629",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25629"
        },
        {
          "category": "external",
          "summary": "https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q",
          "url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q"
        }
      ],
      "release_date": "2024-02-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-20T02:14:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.src",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:16.20.2-8.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2910"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.src",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:16.20.2-8.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.src",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:16.20.2-8.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "c-ares: Out of bounds read in ares__read_line()"
    },
    {
      "cve": "CVE-2024-27982",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2024-04-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2275392"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: HTTP Request Smuggling via Content Length Obfuscation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The HTTP request smuggling vulnerability in Node.js, stemming from Content-Length header obfuscation, is categorized as moderate severity due to its potential impact on the security and integrity of web applications. While the vulnerability can allow for the smuggling of secondary HTTP requests, leading to potential bypassing of security controls and injection of malicious content, its exploitation requires specific conditions and configurations to be met. Successful exploitation relies on the server\u0027s handling of malformed headers and the presence of web caching mechanisms susceptible to poisoning. Though the risk is notable and could facilitate attacks like XSS and cache poisoning, its moderate severity status suggests that while it warrants attention and mitigation, it might not pose an immediate, widespread threat under all circumstances.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.src",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.i686",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.i686",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:16.20.2-8.el9_4.noarch",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.i686",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.i686",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-27982"
        },
        {
          "category": "external",
          "summary": "RHBZ#2275392",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275392"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-27982",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27982",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27982"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases",
          "url": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases"
        }
      ],
      "release_date": "2024-04-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-20T02:14:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.src",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:16.20.2-8.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2910"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.src",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:16.20.2-8.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.src",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:16.20.2-8.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: HTTP Request Smuggling via Content Length Obfuscation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Bartek Nowotarski"
          ],
          "organization": "nowotarski.info"
        }
      ],
      "cve": "CVE-2024-27983",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2024-04-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2272764"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: CONTINUATION frames DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat rates the security impact of this vulnerability as Important due to the worst-case scenario resulting in a denial of service, in alignment with the upstream Node.js project. It is simple to exploit, could significantly impact availability, and there is no reasonable mitigation. Once an attack has ended, the system should return to normal operations on its own.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.src",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.i686",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.i686",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:16.20.2-8.el9_4.noarch",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.i686",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.i686",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-27983"
        },
        {
          "category": "external",
          "summary": "RHBZ#2272764",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272764"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-27983",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27983",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27983"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases",
          "url": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases"
        },
        {
          "category": "external",
          "summary": "https://nowotarski.info/http2-continuation-flood/",
          "url": "https://nowotarski.info/http2-continuation-flood/"
        },
        {
          "category": "external",
          "summary": "https://www.kb.cert.org/vuls/id/421644",
          "url": "https://www.kb.cert.org/vuls/id/421644"
        }
      ],
      "release_date": "2024-04-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-20T02:14:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.src",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:16.20.2-8.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2910"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.src",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:16.20.2-8.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.src",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:16.20.2-8.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "nodejs: CONTINUATION frames DoS"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Bartek Nowotarski"
          ],
          "organization": "nowotarski.info"
        }
      ],
      "cve": "CVE-2024-28182",
      "cwe": {
        "id": "CWE-390",
        "name": "Detection of Error Condition Without Action"
      },
      "discovery_date": "2024-03-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2268639"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nghttp2: CONTINUATION frames DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat rates the security impact of this vulnerability as Moderate, in alignment with upstream nghttp2. The worst case scenario is excessive CPU utilization causing a denial of service. Once an attack has ended, the system should return to normal operations on its own.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.src",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.i686",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.i686",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:16.20.2-8.el9_4.noarch",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.i686",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.i686",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-28182"
        },
        {
          "category": "external",
          "summary": "RHBZ#2268639",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268639"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-28182",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28182",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28182"
        },
        {
          "category": "external",
          "summary": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q",
          "url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q"
        },
        {
          "category": "external",
          "summary": "https://nowotarski.info/http2-continuation-flood/",
          "url": "https://nowotarski.info/http2-continuation-flood/"
        },
        {
          "category": "external",
          "summary": "https://www.kb.cert.org/vuls/id/421644",
          "url": "https://www.kb.cert.org/vuls/id/421644"
        }
      ],
      "release_date": "2024-04-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-20T02:14:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.src",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:16.20.2-8.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2910"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.src",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:16.20.2-8.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.src",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:16.20.2-8.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.i686",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.20.2-8.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:8.19.4-1.16.20.2.8.el9_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nghttp2: CONTINUATION frames DoS"
    }
  ]
}

RHSA-2024:3545

Vulnerability from csaf_redhat - Published: 2024-06-03 18:38 - Updated: 2026-03-18 02:39

Summary

Red Hat Security Advisory: nodejs security update

Severity

Important

Notes

Details: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982) * nodejs: CONTINUATION frames DoS (CVE-2024-27983) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-27982

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 34 products

Product	Version	Remediation
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-docs-1:16.20.2-6.el9_0.noarch	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-27983

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 34 products

Product	Version	Remediation
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-docs-1:16.20.2-6.el9_0.noarch	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Important

References

16 references

URL	Category
https://access.redhat.com/errata/RHSA-2024:3545	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2272764	external
https://bugzilla.redhat.com/show_bug.cgi?id=2275392	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2024-27982	self
https://bugzilla.redhat.com/show_bug.cgi?id=2275392	external
https://www.cve.org/CVERecord?id=CVE-2024-27982	external
https://nvd.nist.gov/vuln/detail/CVE-2024-27982	external
https://nodejs.org/en/blog/vulnerability/april-20…	external
https://access.redhat.com/security/cve/CVE-2024-27983	self
https://bugzilla.redhat.com/show_bug.cgi?id=2272764	external
https://www.cve.org/CVERecord?id=CVE-2024-27983	external
https://nvd.nist.gov/vuln/detail/CVE-2024-27983	external
https://nowotarski.info/http2-continuation-flood/	external
https://www.kb.cert.org/vuls/id/421644	external

Acknowledgments

nowotarski.info Bartek Nowotarski

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for nodejs is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Node.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language.\n\nSecurity Fix(es):\n\n* nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982)\n\n* nodejs: CONTINUATION frames DoS (CVE-2024-27983)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s)\nlisted in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:3545",
        "url": "https://access.redhat.com/errata/RHSA-2024:3545"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2272764",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272764"
      },
      {
        "category": "external",
        "summary": "2275392",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275392"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3545.json"
      }
    ],
    "title": "Red Hat Security Advisory: nodejs security update",
    "tracking": {
      "current_release_date": "2026-03-18T02:39:48+00:00",
      "generator": {
        "date": "2026-03-18T02:39:48+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.3"
        }
      },
      "id": "RHSA-2024:3545",
      "initial_release_date": "2024-06-03T18:38:00+00:00",
      "revision_history": [
        {
          "date": "2024-06-03T18:38:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-06-03T18:38:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-03-18T02:39:48+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream EUS (v.9.0)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream EUS (v.9.0)",
                  "product_id": "AppStream-9.0.0.Z.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_eus:9.0::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:16.20.2-6.el9_0.src",
                "product": {
                  "name": "nodejs-1:16.20.2-6.el9_0.src",
                  "product_id": "nodejs-1:16.20.2-6.el9_0.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@16.20.2-6.el9_0?arch=src\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:16.20.2-6.el9_0.aarch64",
                "product": {
                  "name": "nodejs-1:16.20.2-6.el9_0.aarch64",
                  "product_id": "nodejs-1:16.20.2-6.el9_0.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@16.20.2-6.el9_0?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:16.20.2-6.el9_0.aarch64",
                "product": {
                  "name": "nodejs-full-i18n-1:16.20.2-6.el9_0.aarch64",
                  "product_id": "nodejs-full-i18n-1:16.20.2-6.el9_0.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@16.20.2-6.el9_0?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-1:16.20.2-6.el9_0.aarch64",
                "product": {
                  "name": "nodejs-libs-1:16.20.2-6.el9_0.aarch64",
                  "product_id": "nodejs-libs-1:16.20.2-6.el9_0.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs@16.20.2-6.el9_0?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:8.19.4-1.16.20.2.6.el9_0.aarch64",
                "product": {
                  "name": "npm-1:8.19.4-1.16.20.2.6.el9_0.aarch64",
                  "product_id": "npm-1:8.19.4-1.16.20.2.6.el9_0.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@8.19.4-1.16.20.2.6.el9_0?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:16.20.2-6.el9_0.aarch64",
                "product": {
                  "name": "nodejs-debugsource-1:16.20.2-6.el9_0.aarch64",
                  "product_id": "nodejs-debugsource-1:16.20.2-6.el9_0.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@16.20.2-6.el9_0?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:16.20.2-6.el9_0.aarch64",
                "product": {
                  "name": "nodejs-debuginfo-1:16.20.2-6.el9_0.aarch64",
                  "product_id": "nodejs-debuginfo-1:16.20.2-6.el9_0.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.20.2-6.el9_0?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-debuginfo-1:16.20.2-6.el9_0.aarch64",
                "product": {
                  "name": "nodejs-libs-debuginfo-1:16.20.2-6.el9_0.aarch64",
                  "product_id": "nodejs-libs-debuginfo-1:16.20.2-6.el9_0.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@16.20.2-6.el9_0?arch=aarch64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:16.20.2-6.el9_0.ppc64le",
                "product": {
                  "name": "nodejs-1:16.20.2-6.el9_0.ppc64le",
                  "product_id": "nodejs-1:16.20.2-6.el9_0.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@16.20.2-6.el9_0?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:16.20.2-6.el9_0.ppc64le",
                "product": {
                  "name": "nodejs-full-i18n-1:16.20.2-6.el9_0.ppc64le",
                  "product_id": "nodejs-full-i18n-1:16.20.2-6.el9_0.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@16.20.2-6.el9_0?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-1:16.20.2-6.el9_0.ppc64le",
                "product": {
                  "name": "nodejs-libs-1:16.20.2-6.el9_0.ppc64le",
                  "product_id": "nodejs-libs-1:16.20.2-6.el9_0.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs@16.20.2-6.el9_0?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:8.19.4-1.16.20.2.6.el9_0.ppc64le",
                "product": {
                  "name": "npm-1:8.19.4-1.16.20.2.6.el9_0.ppc64le",
                  "product_id": "npm-1:8.19.4-1.16.20.2.6.el9_0.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@8.19.4-1.16.20.2.6.el9_0?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:16.20.2-6.el9_0.ppc64le",
                "product": {
                  "name": "nodejs-debugsource-1:16.20.2-6.el9_0.ppc64le",
                  "product_id": "nodejs-debugsource-1:16.20.2-6.el9_0.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@16.20.2-6.el9_0?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:16.20.2-6.el9_0.ppc64le",
                "product": {
                  "name": "nodejs-debuginfo-1:16.20.2-6.el9_0.ppc64le",
                  "product_id": "nodejs-debuginfo-1:16.20.2-6.el9_0.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.20.2-6.el9_0?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-debuginfo-1:16.20.2-6.el9_0.ppc64le",
                "product": {
                  "name": "nodejs-libs-debuginfo-1:16.20.2-6.el9_0.ppc64le",
                  "product_id": "nodejs-libs-debuginfo-1:16.20.2-6.el9_0.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@16.20.2-6.el9_0?arch=ppc64le\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:16.20.2-6.el9_0.x86_64",
                "product": {
                  "name": "nodejs-1:16.20.2-6.el9_0.x86_64",
                  "product_id": "nodejs-1:16.20.2-6.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@16.20.2-6.el9_0?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:16.20.2-6.el9_0.x86_64",
                "product": {
                  "name": "nodejs-full-i18n-1:16.20.2-6.el9_0.x86_64",
                  "product_id": "nodejs-full-i18n-1:16.20.2-6.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@16.20.2-6.el9_0?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-1:16.20.2-6.el9_0.x86_64",
                "product": {
                  "name": "nodejs-libs-1:16.20.2-6.el9_0.x86_64",
                  "product_id": "nodejs-libs-1:16.20.2-6.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs@16.20.2-6.el9_0?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:8.19.4-1.16.20.2.6.el9_0.x86_64",
                "product": {
                  "name": "npm-1:8.19.4-1.16.20.2.6.el9_0.x86_64",
                  "product_id": "npm-1:8.19.4-1.16.20.2.6.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@8.19.4-1.16.20.2.6.el9_0?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:16.20.2-6.el9_0.x86_64",
                "product": {
                  "name": "nodejs-debugsource-1:16.20.2-6.el9_0.x86_64",
                  "product_id": "nodejs-debugsource-1:16.20.2-6.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@16.20.2-6.el9_0?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:16.20.2-6.el9_0.x86_64",
                "product": {
                  "name": "nodejs-debuginfo-1:16.20.2-6.el9_0.x86_64",
                  "product_id": "nodejs-debuginfo-1:16.20.2-6.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.20.2-6.el9_0?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-debuginfo-1:16.20.2-6.el9_0.x86_64",
                "product": {
                  "name": "nodejs-libs-debuginfo-1:16.20.2-6.el9_0.x86_64",
                  "product_id": "nodejs-libs-debuginfo-1:16.20.2-6.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@16.20.2-6.el9_0?arch=x86_64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-libs-1:16.20.2-6.el9_0.i686",
                "product": {
                  "name": "nodejs-libs-1:16.20.2-6.el9_0.i686",
                  "product_id": "nodejs-libs-1:16.20.2-6.el9_0.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs@16.20.2-6.el9_0?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:16.20.2-6.el9_0.i686",
                "product": {
                  "name": "nodejs-debugsource-1:16.20.2-6.el9_0.i686",
                  "product_id": "nodejs-debugsource-1:16.20.2-6.el9_0.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@16.20.2-6.el9_0?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:16.20.2-6.el9_0.i686",
                "product": {
                  "name": "nodejs-debuginfo-1:16.20.2-6.el9_0.i686",
                  "product_id": "nodejs-debuginfo-1:16.20.2-6.el9_0.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.20.2-6.el9_0?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-debuginfo-1:16.20.2-6.el9_0.i686",
                "product": {
                  "name": "nodejs-libs-debuginfo-1:16.20.2-6.el9_0.i686",
                  "product_id": "nodejs-libs-debuginfo-1:16.20.2-6.el9_0.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@16.20.2-6.el9_0?arch=i686\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:16.20.2-6.el9_0.s390x",
                "product": {
                  "name": "nodejs-1:16.20.2-6.el9_0.s390x",
                  "product_id": "nodejs-1:16.20.2-6.el9_0.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@16.20.2-6.el9_0?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:16.20.2-6.el9_0.s390x",
                "product": {
                  "name": "nodejs-full-i18n-1:16.20.2-6.el9_0.s390x",
                  "product_id": "nodejs-full-i18n-1:16.20.2-6.el9_0.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@16.20.2-6.el9_0?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-1:16.20.2-6.el9_0.s390x",
                "product": {
                  "name": "nodejs-libs-1:16.20.2-6.el9_0.s390x",
                  "product_id": "nodejs-libs-1:16.20.2-6.el9_0.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs@16.20.2-6.el9_0?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:8.19.4-1.16.20.2.6.el9_0.s390x",
                "product": {
                  "name": "npm-1:8.19.4-1.16.20.2.6.el9_0.s390x",
                  "product_id": "npm-1:8.19.4-1.16.20.2.6.el9_0.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@8.19.4-1.16.20.2.6.el9_0?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:16.20.2-6.el9_0.s390x",
                "product": {
                  "name": "nodejs-debugsource-1:16.20.2-6.el9_0.s390x",
                  "product_id": "nodejs-debugsource-1:16.20.2-6.el9_0.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@16.20.2-6.el9_0?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:16.20.2-6.el9_0.s390x",
                "product": {
                  "name": "nodejs-debuginfo-1:16.20.2-6.el9_0.s390x",
                  "product_id": "nodejs-debuginfo-1:16.20.2-6.el9_0.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.20.2-6.el9_0?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-debuginfo-1:16.20.2-6.el9_0.s390x",
                "product": {
                  "name": "nodejs-libs-debuginfo-1:16.20.2-6.el9_0.s390x",
                  "product_id": "nodejs-libs-debuginfo-1:16.20.2-6.el9_0.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@16.20.2-6.el9_0?arch=s390x\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-docs-1:16.20.2-6.el9_0.noarch",
                "product": {
                  "name": "nodejs-docs-1:16.20.2-6.el9_0.noarch",
                  "product_id": "nodejs-docs-1:16.20.2-6.el9_0.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-docs@16.20.2-6.el9_0?arch=noarch\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:16.20.2-6.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.aarch64"
        },
        "product_reference": "nodejs-1:16.20.2-6.el9_0.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:16.20.2-6.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.ppc64le"
        },
        "product_reference": "nodejs-1:16.20.2-6.el9_0.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:16.20.2-6.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.s390x"
        },
        "product_reference": "nodejs-1:16.20.2-6.el9_0.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:16.20.2-6.el9_0.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.src"
        },
        "product_reference": "nodejs-1:16.20.2-6.el9_0.src",
        "relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:16.20.2-6.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.x86_64"
        },
        "product_reference": "nodejs-1:16.20.2-6.el9_0.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:16.20.2-6.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.aarch64"
        },
        "product_reference": "nodejs-debuginfo-1:16.20.2-6.el9_0.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:16.20.2-6.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.i686"
        },
        "product_reference": "nodejs-debuginfo-1:16.20.2-6.el9_0.i686",
        "relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:16.20.2-6.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.ppc64le"
        },
        "product_reference": "nodejs-debuginfo-1:16.20.2-6.el9_0.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:16.20.2-6.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.s390x"
        },
        "product_reference": "nodejs-debuginfo-1:16.20.2-6.el9_0.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:16.20.2-6.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.x86_64"
        },
        "product_reference": "nodejs-debuginfo-1:16.20.2-6.el9_0.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:16.20.2-6.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.aarch64"
        },
        "product_reference": "nodejs-debugsource-1:16.20.2-6.el9_0.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:16.20.2-6.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.i686"
        },
        "product_reference": "nodejs-debugsource-1:16.20.2-6.el9_0.i686",
        "relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:16.20.2-6.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.ppc64le"
        },
        "product_reference": "nodejs-debugsource-1:16.20.2-6.el9_0.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:16.20.2-6.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.s390x"
        },
        "product_reference": "nodejs-debugsource-1:16.20.2-6.el9_0.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:16.20.2-6.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.x86_64"
        },
        "product_reference": "nodejs-debugsource-1:16.20.2-6.el9_0.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-docs-1:16.20.2-6.el9_0.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.EUS:nodejs-docs-1:16.20.2-6.el9_0.noarch"
        },
        "product_reference": "nodejs-docs-1:16.20.2-6.el9_0.noarch",
        "relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:16.20.2-6.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.aarch64"
        },
        "product_reference": "nodejs-full-i18n-1:16.20.2-6.el9_0.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:16.20.2-6.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.ppc64le"
        },
        "product_reference": "nodejs-full-i18n-1:16.20.2-6.el9_0.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:16.20.2-6.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.s390x"
        },
        "product_reference": "nodejs-full-i18n-1:16.20.2-6.el9_0.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:16.20.2-6.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.x86_64"
        },
        "product_reference": "nodejs-full-i18n-1:16.20.2-6.el9_0.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-1:16.20.2-6.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.aarch64"
        },
        "product_reference": "nodejs-libs-1:16.20.2-6.el9_0.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-1:16.20.2-6.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.i686"
        },
        "product_reference": "nodejs-libs-1:16.20.2-6.el9_0.i686",
        "relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-1:16.20.2-6.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.ppc64le"
        },
        "product_reference": "nodejs-libs-1:16.20.2-6.el9_0.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-1:16.20.2-6.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.s390x"
        },
        "product_reference": "nodejs-libs-1:16.20.2-6.el9_0.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-1:16.20.2-6.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.x86_64"
        },
        "product_reference": "nodejs-libs-1:16.20.2-6.el9_0.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-debuginfo-1:16.20.2-6.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.aarch64"
        },
        "product_reference": "nodejs-libs-debuginfo-1:16.20.2-6.el9_0.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-debuginfo-1:16.20.2-6.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.i686"
        },
        "product_reference": "nodejs-libs-debuginfo-1:16.20.2-6.el9_0.i686",
        "relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-debuginfo-1:16.20.2-6.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.ppc64le"
        },
        "product_reference": "nodejs-libs-debuginfo-1:16.20.2-6.el9_0.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-debuginfo-1:16.20.2-6.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.s390x"
        },
        "product_reference": "nodejs-libs-debuginfo-1:16.20.2-6.el9_0.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-debuginfo-1:16.20.2-6.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.x86_64"
        },
        "product_reference": "nodejs-libs-debuginfo-1:16.20.2-6.el9_0.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:8.19.4-1.16.20.2.6.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.aarch64"
        },
        "product_reference": "npm-1:8.19.4-1.16.20.2.6.el9_0.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:8.19.4-1.16.20.2.6.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.ppc64le"
        },
        "product_reference": "npm-1:8.19.4-1.16.20.2.6.el9_0.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:8.19.4-1.16.20.2.6.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.s390x"
        },
        "product_reference": "npm-1:8.19.4-1.16.20.2.6.el9_0.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:8.19.4-1.16.20.2.6.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.x86_64"
        },
        "product_reference": "npm-1:8.19.4-1.16.20.2.6.el9_0.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-27982",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2024-04-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2275392"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: HTTP Request Smuggling via Content Length Obfuscation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The HTTP request smuggling vulnerability in Node.js, stemming from Content-Length header obfuscation, is categorized as moderate severity due to its potential impact on the security and integrity of web applications. While the vulnerability can allow for the smuggling of secondary HTTP requests, leading to potential bypassing of security controls and injection of malicious content, its exploitation requires specific conditions and configurations to be met. Successful exploitation relies on the server\u0027s handling of malformed headers and the presence of web caching mechanisms susceptible to poisoning. Though the risk is notable and could facilitate attacks like XSS and cache poisoning, its moderate severity status suggests that while it warrants attention and mitigation, it might not pose an immediate, widespread threat under all circumstances.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.aarch64",
          "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.ppc64le",
          "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.s390x",
          "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.src",
          "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.x86_64",
          "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.aarch64",
          "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.i686",
          "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.ppc64le",
          "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.s390x",
          "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.x86_64",
          "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.aarch64",
          "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.i686",
          "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.ppc64le",
          "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.s390x",
          "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.x86_64",
          "AppStream-9.0.0.Z.EUS:nodejs-docs-1:16.20.2-6.el9_0.noarch",
          "AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.aarch64",
          "AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.ppc64le",
          "AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.s390x",
          "AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.x86_64",
          "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.aarch64",
          "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.i686",
          "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.ppc64le",
          "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.s390x",
          "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.x86_64",
          "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.aarch64",
          "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.i686",
          "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.ppc64le",
          "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.s390x",
          "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.x86_64",
          "AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.aarch64",
          "AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.ppc64le",
          "AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.s390x",
          "AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-27982"
        },
        {
          "category": "external",
          "summary": "RHBZ#2275392",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275392"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-27982",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27982",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27982"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases",
          "url": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases"
        }
      ],
      "release_date": "2024-04-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-03T18:38:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.src",
            "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.x86_64",
            "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.i686",
            "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.x86_64",
            "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.i686",
            "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.x86_64",
            "AppStream-9.0.0.Z.EUS:nodejs-docs-1:16.20.2-6.el9_0.noarch",
            "AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.x86_64",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.i686",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.x86_64",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.i686",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.x86_64",
            "AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3545"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.src",
            "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.x86_64",
            "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.i686",
            "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.x86_64",
            "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.i686",
            "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.x86_64",
            "AppStream-9.0.0.Z.EUS:nodejs-docs-1:16.20.2-6.el9_0.noarch",
            "AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.x86_64",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.i686",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.x86_64",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.i686",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.x86_64",
            "AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.src",
            "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.x86_64",
            "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.i686",
            "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.x86_64",
            "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.i686",
            "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.x86_64",
            "AppStream-9.0.0.Z.EUS:nodejs-docs-1:16.20.2-6.el9_0.noarch",
            "AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.x86_64",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.i686",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.x86_64",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.i686",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.x86_64",
            "AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: HTTP Request Smuggling via Content Length Obfuscation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Bartek Nowotarski"
          ],
          "organization": "nowotarski.info"
        }
      ],
      "cve": "CVE-2024-27983",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2024-04-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2272764"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: CONTINUATION frames DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat rates the security impact of this vulnerability as Important due to the worst-case scenario resulting in a denial of service, in alignment with the upstream Node.js project. It is simple to exploit, could significantly impact availability, and there is no reasonable mitigation. Once an attack has ended, the system should return to normal operations on its own.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.aarch64",
          "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.ppc64le",
          "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.s390x",
          "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.src",
          "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.x86_64",
          "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.aarch64",
          "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.i686",
          "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.ppc64le",
          "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.s390x",
          "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.x86_64",
          "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.aarch64",
          "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.i686",
          "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.ppc64le",
          "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.s390x",
          "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.x86_64",
          "AppStream-9.0.0.Z.EUS:nodejs-docs-1:16.20.2-6.el9_0.noarch",
          "AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.aarch64",
          "AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.ppc64le",
          "AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.s390x",
          "AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.x86_64",
          "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.aarch64",
          "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.i686",
          "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.ppc64le",
          "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.s390x",
          "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.x86_64",
          "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.aarch64",
          "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.i686",
          "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.ppc64le",
          "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.s390x",
          "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.x86_64",
          "AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.aarch64",
          "AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.ppc64le",
          "AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.s390x",
          "AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-27983"
        },
        {
          "category": "external",
          "summary": "RHBZ#2272764",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272764"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-27983",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27983",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27983"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases",
          "url": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases"
        },
        {
          "category": "external",
          "summary": "https://nowotarski.info/http2-continuation-flood/",
          "url": "https://nowotarski.info/http2-continuation-flood/"
        },
        {
          "category": "external",
          "summary": "https://www.kb.cert.org/vuls/id/421644",
          "url": "https://www.kb.cert.org/vuls/id/421644"
        }
      ],
      "release_date": "2024-04-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-03T18:38:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.src",
            "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.x86_64",
            "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.i686",
            "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.x86_64",
            "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.i686",
            "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.x86_64",
            "AppStream-9.0.0.Z.EUS:nodejs-docs-1:16.20.2-6.el9_0.noarch",
            "AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.x86_64",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.i686",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.x86_64",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.i686",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.x86_64",
            "AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3545"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
          "product_ids": [
            "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.src",
            "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.x86_64",
            "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.i686",
            "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.x86_64",
            "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.i686",
            "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.x86_64",
            "AppStream-9.0.0.Z.EUS:nodejs-docs-1:16.20.2-6.el9_0.noarch",
            "AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.x86_64",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.i686",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.x86_64",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.i686",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.x86_64",
            "AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.src",
            "AppStream-9.0.0.Z.EUS:nodejs-1:16.20.2-6.el9_0.x86_64",
            "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.i686",
            "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_0.x86_64",
            "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.i686",
            "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_0.x86_64",
            "AppStream-9.0.0.Z.EUS:nodejs-docs-1:16.20.2-6.el9_0.noarch",
            "AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_0.x86_64",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.i686",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_0.x86_64",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.i686",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_0.x86_64",
            "AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.aarch64",
            "AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.ppc64le",
            "AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.s390x",
            "AppStream-9.0.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_0.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "nodejs: CONTINUATION frames DoS"
    }
  ]
}

RHSA-2024:4559

Vulnerability from csaf_redhat - Published: 2024-07-16 12:49 - Updated: 2026-03-18 02:40

Summary

Red Hat Security Advisory: nodejs security update

Severity

Moderate

Notes

Topic: An update for nodejs is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service (CVE-2024-22025) * nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982) * c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-22025

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 34 products

Product	Version	Remediation
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-docs-1:16.20.2-6.el9_2.3.noarch	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-25629

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE-127 - Buffer Under-read

Affected products

Fixed 34 products

Product	Version	Remediation
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-docs-1:16.20.2-6.el9_2.3.noarch	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Low

CVE-2024-27982

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 34 products

Product	Version	Remediation
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-docs-1:16.20.2-6.el9_2.3.noarch	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

References

20 references

URL	Category
https://access.redhat.com/errata/RHSA-2024:4559	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2265713	external
https://bugzilla.redhat.com/show_bug.cgi?id=2270559	external
https://bugzilla.redhat.com/show_bug.cgi?id=2275392	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2024-22025	self
https://bugzilla.redhat.com/show_bug.cgi?id=2270559	external
https://www.cve.org/CVERecord?id=CVE-2024-22025	external
https://nvd.nist.gov/vuln/detail/CVE-2024-22025	external
https://access.redhat.com/security/cve/CVE-2024-25629	self
https://bugzilla.redhat.com/show_bug.cgi?id=2265713	external
https://www.cve.org/CVERecord?id=CVE-2024-25629	external
https://nvd.nist.gov/vuln/detail/CVE-2024-25629	external
https://github.com/c-ares/c-ares/security/advisor…	external
https://access.redhat.com/security/cve/CVE-2024-27982	self
https://bugzilla.redhat.com/show_bug.cgi?id=2275392	external
https://www.cve.org/CVERecord?id=CVE-2024-27982	external
https://nvd.nist.gov/vuln/detail/CVE-2024-27982	external
https://nodejs.org/en/blog/vulnerability/april-20…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for nodejs is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service (CVE-2024-22025)\n\n* nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982)\n\n* c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:4559",
        "url": "https://access.redhat.com/errata/RHSA-2024:4559"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2265713",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265713"
      },
      {
        "category": "external",
        "summary": "2270559",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270559"
      },
      {
        "category": "external",
        "summary": "2275392",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275392"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4559.json"
      }
    ],
    "title": "Red Hat Security Advisory: nodejs security update",
    "tracking": {
      "current_release_date": "2026-03-18T02:40:11+00:00",
      "generator": {
        "date": "2026-03-18T02:40:11+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.3"
        }
      },
      "id": "RHSA-2024:4559",
      "initial_release_date": "2024-07-16T12:49:03+00:00",
      "revision_history": [
        {
          "date": "2024-07-16T12:49:03+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-07-16T12:49:03+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-03-18T02:40:11+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream EUS (v.9.2)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream EUS (v.9.2)",
                  "product_id": "AppStream-9.2.0.Z.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_eus:9.2::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:16.20.2-6.el9_2.3.src",
                "product": {
                  "name": "nodejs-1:16.20.2-6.el9_2.3.src",
                  "product_id": "nodejs-1:16.20.2-6.el9_2.3.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@16.20.2-6.el9_2.3?arch=src\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:16.20.2-6.el9_2.3.aarch64",
                "product": {
                  "name": "nodejs-1:16.20.2-6.el9_2.3.aarch64",
                  "product_id": "nodejs-1:16.20.2-6.el9_2.3.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@16.20.2-6.el9_2.3?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:16.20.2-6.el9_2.3.aarch64",
                "product": {
                  "name": "nodejs-full-i18n-1:16.20.2-6.el9_2.3.aarch64",
                  "product_id": "nodejs-full-i18n-1:16.20.2-6.el9_2.3.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@16.20.2-6.el9_2.3?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-1:16.20.2-6.el9_2.3.aarch64",
                "product": {
                  "name": "nodejs-libs-1:16.20.2-6.el9_2.3.aarch64",
                  "product_id": "nodejs-libs-1:16.20.2-6.el9_2.3.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs@16.20.2-6.el9_2.3?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:8.19.4-1.16.20.2.6.el9_2.3.aarch64",
                "product": {
                  "name": "npm-1:8.19.4-1.16.20.2.6.el9_2.3.aarch64",
                  "product_id": "npm-1:8.19.4-1.16.20.2.6.el9_2.3.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@8.19.4-1.16.20.2.6.el9_2.3?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:16.20.2-6.el9_2.3.aarch64",
                "product": {
                  "name": "nodejs-debugsource-1:16.20.2-6.el9_2.3.aarch64",
                  "product_id": "nodejs-debugsource-1:16.20.2-6.el9_2.3.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@16.20.2-6.el9_2.3?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:16.20.2-6.el9_2.3.aarch64",
                "product": {
                  "name": "nodejs-debuginfo-1:16.20.2-6.el9_2.3.aarch64",
                  "product_id": "nodejs-debuginfo-1:16.20.2-6.el9_2.3.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.20.2-6.el9_2.3?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.aarch64",
                "product": {
                  "name": "nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.aarch64",
                  "product_id": "nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@16.20.2-6.el9_2.3?arch=aarch64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:16.20.2-6.el9_2.3.ppc64le",
                "product": {
                  "name": "nodejs-1:16.20.2-6.el9_2.3.ppc64le",
                  "product_id": "nodejs-1:16.20.2-6.el9_2.3.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@16.20.2-6.el9_2.3?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:16.20.2-6.el9_2.3.ppc64le",
                "product": {
                  "name": "nodejs-full-i18n-1:16.20.2-6.el9_2.3.ppc64le",
                  "product_id": "nodejs-full-i18n-1:16.20.2-6.el9_2.3.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@16.20.2-6.el9_2.3?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-1:16.20.2-6.el9_2.3.ppc64le",
                "product": {
                  "name": "nodejs-libs-1:16.20.2-6.el9_2.3.ppc64le",
                  "product_id": "nodejs-libs-1:16.20.2-6.el9_2.3.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs@16.20.2-6.el9_2.3?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:8.19.4-1.16.20.2.6.el9_2.3.ppc64le",
                "product": {
                  "name": "npm-1:8.19.4-1.16.20.2.6.el9_2.3.ppc64le",
                  "product_id": "npm-1:8.19.4-1.16.20.2.6.el9_2.3.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@8.19.4-1.16.20.2.6.el9_2.3?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:16.20.2-6.el9_2.3.ppc64le",
                "product": {
                  "name": "nodejs-debugsource-1:16.20.2-6.el9_2.3.ppc64le",
                  "product_id": "nodejs-debugsource-1:16.20.2-6.el9_2.3.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@16.20.2-6.el9_2.3?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le",
                "product": {
                  "name": "nodejs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le",
                  "product_id": "nodejs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.20.2-6.el9_2.3?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le",
                "product": {
                  "name": "nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le",
                  "product_id": "nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@16.20.2-6.el9_2.3?arch=ppc64le\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:16.20.2-6.el9_2.3.x86_64",
                "product": {
                  "name": "nodejs-1:16.20.2-6.el9_2.3.x86_64",
                  "product_id": "nodejs-1:16.20.2-6.el9_2.3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@16.20.2-6.el9_2.3?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:16.20.2-6.el9_2.3.x86_64",
                "product": {
                  "name": "nodejs-full-i18n-1:16.20.2-6.el9_2.3.x86_64",
                  "product_id": "nodejs-full-i18n-1:16.20.2-6.el9_2.3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@16.20.2-6.el9_2.3?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-1:16.20.2-6.el9_2.3.x86_64",
                "product": {
                  "name": "nodejs-libs-1:16.20.2-6.el9_2.3.x86_64",
                  "product_id": "nodejs-libs-1:16.20.2-6.el9_2.3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs@16.20.2-6.el9_2.3?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:8.19.4-1.16.20.2.6.el9_2.3.x86_64",
                "product": {
                  "name": "npm-1:8.19.4-1.16.20.2.6.el9_2.3.x86_64",
                  "product_id": "npm-1:8.19.4-1.16.20.2.6.el9_2.3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@8.19.4-1.16.20.2.6.el9_2.3?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:16.20.2-6.el9_2.3.x86_64",
                "product": {
                  "name": "nodejs-debugsource-1:16.20.2-6.el9_2.3.x86_64",
                  "product_id": "nodejs-debugsource-1:16.20.2-6.el9_2.3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@16.20.2-6.el9_2.3?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:16.20.2-6.el9_2.3.x86_64",
                "product": {
                  "name": "nodejs-debuginfo-1:16.20.2-6.el9_2.3.x86_64",
                  "product_id": "nodejs-debuginfo-1:16.20.2-6.el9_2.3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.20.2-6.el9_2.3?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.x86_64",
                "product": {
                  "name": "nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.x86_64",
                  "product_id": "nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@16.20.2-6.el9_2.3?arch=x86_64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-libs-1:16.20.2-6.el9_2.3.i686",
                "product": {
                  "name": "nodejs-libs-1:16.20.2-6.el9_2.3.i686",
                  "product_id": "nodejs-libs-1:16.20.2-6.el9_2.3.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs@16.20.2-6.el9_2.3?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:16.20.2-6.el9_2.3.i686",
                "product": {
                  "name": "nodejs-debugsource-1:16.20.2-6.el9_2.3.i686",
                  "product_id": "nodejs-debugsource-1:16.20.2-6.el9_2.3.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@16.20.2-6.el9_2.3?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:16.20.2-6.el9_2.3.i686",
                "product": {
                  "name": "nodejs-debuginfo-1:16.20.2-6.el9_2.3.i686",
                  "product_id": "nodejs-debuginfo-1:16.20.2-6.el9_2.3.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.20.2-6.el9_2.3?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.i686",
                "product": {
                  "name": "nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.i686",
                  "product_id": "nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@16.20.2-6.el9_2.3?arch=i686\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:16.20.2-6.el9_2.3.s390x",
                "product": {
                  "name": "nodejs-1:16.20.2-6.el9_2.3.s390x",
                  "product_id": "nodejs-1:16.20.2-6.el9_2.3.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@16.20.2-6.el9_2.3?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:16.20.2-6.el9_2.3.s390x",
                "product": {
                  "name": "nodejs-full-i18n-1:16.20.2-6.el9_2.3.s390x",
                  "product_id": "nodejs-full-i18n-1:16.20.2-6.el9_2.3.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@16.20.2-6.el9_2.3?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-1:16.20.2-6.el9_2.3.s390x",
                "product": {
                  "name": "nodejs-libs-1:16.20.2-6.el9_2.3.s390x",
                  "product_id": "nodejs-libs-1:16.20.2-6.el9_2.3.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs@16.20.2-6.el9_2.3?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:8.19.4-1.16.20.2.6.el9_2.3.s390x",
                "product": {
                  "name": "npm-1:8.19.4-1.16.20.2.6.el9_2.3.s390x",
                  "product_id": "npm-1:8.19.4-1.16.20.2.6.el9_2.3.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@8.19.4-1.16.20.2.6.el9_2.3?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:16.20.2-6.el9_2.3.s390x",
                "product": {
                  "name": "nodejs-debugsource-1:16.20.2-6.el9_2.3.s390x",
                  "product_id": "nodejs-debugsource-1:16.20.2-6.el9_2.3.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@16.20.2-6.el9_2.3?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:16.20.2-6.el9_2.3.s390x",
                "product": {
                  "name": "nodejs-debuginfo-1:16.20.2-6.el9_2.3.s390x",
                  "product_id": "nodejs-debuginfo-1:16.20.2-6.el9_2.3.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.20.2-6.el9_2.3?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.s390x",
                "product": {
                  "name": "nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.s390x",
                  "product_id": "nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@16.20.2-6.el9_2.3?arch=s390x\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-docs-1:16.20.2-6.el9_2.3.noarch",
                "product": {
                  "name": "nodejs-docs-1:16.20.2-6.el9_2.3.noarch",
                  "product_id": "nodejs-docs-1:16.20.2-6.el9_2.3.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-docs@16.20.2-6.el9_2.3?arch=noarch\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:16.20.2-6.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.aarch64"
        },
        "product_reference": "nodejs-1:16.20.2-6.el9_2.3.aarch64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:16.20.2-6.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.ppc64le"
        },
        "product_reference": "nodejs-1:16.20.2-6.el9_2.3.ppc64le",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:16.20.2-6.el9_2.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.s390x"
        },
        "product_reference": "nodejs-1:16.20.2-6.el9_2.3.s390x",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:16.20.2-6.el9_2.3.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.src"
        },
        "product_reference": "nodejs-1:16.20.2-6.el9_2.3.src",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:16.20.2-6.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.x86_64"
        },
        "product_reference": "nodejs-1:16.20.2-6.el9_2.3.x86_64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:16.20.2-6.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.aarch64"
        },
        "product_reference": "nodejs-debuginfo-1:16.20.2-6.el9_2.3.aarch64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:16.20.2-6.el9_2.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.i686"
        },
        "product_reference": "nodejs-debuginfo-1:16.20.2-6.el9_2.3.i686",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le"
        },
        "product_reference": "nodejs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:16.20.2-6.el9_2.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.s390x"
        },
        "product_reference": "nodejs-debuginfo-1:16.20.2-6.el9_2.3.s390x",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:16.20.2-6.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.x86_64"
        },
        "product_reference": "nodejs-debuginfo-1:16.20.2-6.el9_2.3.x86_64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:16.20.2-6.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.aarch64"
        },
        "product_reference": "nodejs-debugsource-1:16.20.2-6.el9_2.3.aarch64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:16.20.2-6.el9_2.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.i686"
        },
        "product_reference": "nodejs-debugsource-1:16.20.2-6.el9_2.3.i686",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:16.20.2-6.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.ppc64le"
        },
        "product_reference": "nodejs-debugsource-1:16.20.2-6.el9_2.3.ppc64le",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:16.20.2-6.el9_2.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.s390x"
        },
        "product_reference": "nodejs-debugsource-1:16.20.2-6.el9_2.3.s390x",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:16.20.2-6.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.x86_64"
        },
        "product_reference": "nodejs-debugsource-1:16.20.2-6.el9_2.3.x86_64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-docs-1:16.20.2-6.el9_2.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-docs-1:16.20.2-6.el9_2.3.noarch"
        },
        "product_reference": "nodejs-docs-1:16.20.2-6.el9_2.3.noarch",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:16.20.2-6.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.aarch64"
        },
        "product_reference": "nodejs-full-i18n-1:16.20.2-6.el9_2.3.aarch64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:16.20.2-6.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.ppc64le"
        },
        "product_reference": "nodejs-full-i18n-1:16.20.2-6.el9_2.3.ppc64le",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:16.20.2-6.el9_2.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.s390x"
        },
        "product_reference": "nodejs-full-i18n-1:16.20.2-6.el9_2.3.s390x",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:16.20.2-6.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.x86_64"
        },
        "product_reference": "nodejs-full-i18n-1:16.20.2-6.el9_2.3.x86_64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-1:16.20.2-6.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.aarch64"
        },
        "product_reference": "nodejs-libs-1:16.20.2-6.el9_2.3.aarch64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-1:16.20.2-6.el9_2.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.i686"
        },
        "product_reference": "nodejs-libs-1:16.20.2-6.el9_2.3.i686",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-1:16.20.2-6.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.ppc64le"
        },
        "product_reference": "nodejs-libs-1:16.20.2-6.el9_2.3.ppc64le",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-1:16.20.2-6.el9_2.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.s390x"
        },
        "product_reference": "nodejs-libs-1:16.20.2-6.el9_2.3.s390x",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-1:16.20.2-6.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.x86_64"
        },
        "product_reference": "nodejs-libs-1:16.20.2-6.el9_2.3.x86_64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.aarch64"
        },
        "product_reference": "nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.aarch64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.i686"
        },
        "product_reference": "nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.i686",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le"
        },
        "product_reference": "nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.s390x"
        },
        "product_reference": "nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.s390x",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.x86_64"
        },
        "product_reference": "nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.x86_64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:8.19.4-1.16.20.2.6.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.aarch64"
        },
        "product_reference": "npm-1:8.19.4-1.16.20.2.6.el9_2.3.aarch64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:8.19.4-1.16.20.2.6.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.ppc64le"
        },
        "product_reference": "npm-1:8.19.4-1.16.20.2.6.el9_2.3.ppc64le",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:8.19.4-1.16.20.2.6.el9_2.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.s390x"
        },
        "product_reference": "npm-1:8.19.4-1.16.20.2.6.el9_2.3.s390x",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:8.19.4-1.16.20.2.6.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.x86_64"
        },
        "product_reference": "npm-1:8.19.4-1.16.20.2.6.el9_2.3.x86_64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-22025",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2024-03-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2270559"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The identified flaw in Node.js, which involves the fetch() function always decoding Brotli content regardless of its source, represents a moderate severity issue due to its potential to facilitate denial of service attacks through resource exhaustion. This vulnerability allows malicious actors to manipulate the URL parameter passed into fetch(), exploiting the consistent Brotli decoding behavior to overwhelm system memory resources. While the impact is constrained to process termination, its severity is moderated by the requirement for specific conditions, such as untrusted URLs and system configurations.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.aarch64",
          "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.ppc64le",
          "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.s390x",
          "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.src",
          "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.x86_64",
          "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.aarch64",
          "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.i686",
          "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le",
          "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.s390x",
          "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.x86_64",
          "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.aarch64",
          "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.i686",
          "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.ppc64le",
          "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.s390x",
          "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.x86_64",
          "AppStream-9.2.0.Z.EUS:nodejs-docs-1:16.20.2-6.el9_2.3.noarch",
          "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.aarch64",
          "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.ppc64le",
          "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.s390x",
          "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.x86_64",
          "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.aarch64",
          "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.i686",
          "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.ppc64le",
          "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.s390x",
          "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.x86_64",
          "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.aarch64",
          "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.i686",
          "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le",
          "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.s390x",
          "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.x86_64",
          "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.aarch64",
          "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.ppc64le",
          "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.s390x",
          "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-22025"
        },
        {
          "category": "external",
          "summary": "RHBZ#2270559",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270559"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-22025",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-22025"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22025",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22025"
        }
      ],
      "release_date": "2024-03-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-07-16T12:49:03+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.src",
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.i686",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.i686",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-docs-1:16.20.2-6.el9_2.3.noarch",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.i686",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.i686",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:4559"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.src",
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.i686",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.i686",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-docs-1:16.20.2-6.el9_2.3.noarch",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.i686",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.i686",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.src",
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.i686",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.i686",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-docs-1:16.20.2-6.el9_2.3.noarch",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.i686",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.i686",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service"
    },
    {
      "cve": "CVE-2024-25629",
      "cwe": {
        "id": "CWE-127",
        "name": "Buffer Under-read"
      },
      "discovery_date": "2024-02-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2265713"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "c-ares: Out of bounds read in ares__read_line()",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat considers this a Low impact since this issue requires a specific configuration file to be configured incorrectly, meaning an attacker would need access to this configuration file to impact the server. This would normally correspond to an already compromised environment.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.aarch64",
          "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.ppc64le",
          "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.s390x",
          "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.src",
          "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.x86_64",
          "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.aarch64",
          "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.i686",
          "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le",
          "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.s390x",
          "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.x86_64",
          "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.aarch64",
          "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.i686",
          "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.ppc64le",
          "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.s390x",
          "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.x86_64",
          "AppStream-9.2.0.Z.EUS:nodejs-docs-1:16.20.2-6.el9_2.3.noarch",
          "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.aarch64",
          "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.ppc64le",
          "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.s390x",
          "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.x86_64",
          "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.aarch64",
          "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.i686",
          "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.ppc64le",
          "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.s390x",
          "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.x86_64",
          "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.aarch64",
          "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.i686",
          "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le",
          "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.s390x",
          "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.x86_64",
          "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.aarch64",
          "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.ppc64le",
          "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.s390x",
          "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-25629"
        },
        {
          "category": "external",
          "summary": "RHBZ#2265713",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265713"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-25629",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-25629",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25629"
        },
        {
          "category": "external",
          "summary": "https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q",
          "url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q"
        }
      ],
      "release_date": "2024-02-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-07-16T12:49:03+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.src",
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.i686",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.i686",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-docs-1:16.20.2-6.el9_2.3.noarch",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.i686",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.i686",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:4559"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.src",
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.i686",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.i686",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-docs-1:16.20.2-6.el9_2.3.noarch",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.i686",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.i686",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.src",
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.i686",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.i686",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-docs-1:16.20.2-6.el9_2.3.noarch",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.i686",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.i686",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "c-ares: Out of bounds read in ares__read_line()"
    },
    {
      "cve": "CVE-2024-27982",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2024-04-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2275392"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: HTTP Request Smuggling via Content Length Obfuscation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The HTTP request smuggling vulnerability in Node.js, stemming from Content-Length header obfuscation, is categorized as moderate severity due to its potential impact on the security and integrity of web applications. While the vulnerability can allow for the smuggling of secondary HTTP requests, leading to potential bypassing of security controls and injection of malicious content, its exploitation requires specific conditions and configurations to be met. Successful exploitation relies on the server\u0027s handling of malformed headers and the presence of web caching mechanisms susceptible to poisoning. Though the risk is notable and could facilitate attacks like XSS and cache poisoning, its moderate severity status suggests that while it warrants attention and mitigation, it might not pose an immediate, widespread threat under all circumstances.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.aarch64",
          "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.ppc64le",
          "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.s390x",
          "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.src",
          "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.x86_64",
          "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.aarch64",
          "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.i686",
          "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le",
          "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.s390x",
          "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.x86_64",
          "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.aarch64",
          "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.i686",
          "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.ppc64le",
          "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.s390x",
          "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.x86_64",
          "AppStream-9.2.0.Z.EUS:nodejs-docs-1:16.20.2-6.el9_2.3.noarch",
          "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.aarch64",
          "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.ppc64le",
          "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.s390x",
          "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.x86_64",
          "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.aarch64",
          "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.i686",
          "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.ppc64le",
          "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.s390x",
          "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.x86_64",
          "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.aarch64",
          "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.i686",
          "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le",
          "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.s390x",
          "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.x86_64",
          "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.aarch64",
          "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.ppc64le",
          "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.s390x",
          "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-27982"
        },
        {
          "category": "external",
          "summary": "RHBZ#2275392",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275392"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-27982",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27982",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27982"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases",
          "url": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases"
        }
      ],
      "release_date": "2024-04-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-07-16T12:49:03+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.src",
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.i686",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.i686",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-docs-1:16.20.2-6.el9_2.3.noarch",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.i686",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.i686",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:4559"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.src",
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.i686",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.i686",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-docs-1:16.20.2-6.el9_2.3.noarch",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.i686",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.i686",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.src",
            "AppStream-9.2.0.Z.EUS:nodejs-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.i686",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.i686",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-docs-1:16.20.2-6.el9_2.3.noarch",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.i686",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.i686",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:nodejs-libs-debuginfo-1:16.20.2-6.el9_2.3.x86_64",
            "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.aarch64",
            "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.ppc64le",
            "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.s390x",
            "AppStream-9.2.0.Z.EUS:npm-1:8.19.4-1.16.20.2.6.el9_2.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: HTTP Request Smuggling via Content Length Obfuscation"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-27982 (GCVE-0-2024-27982)

Tags

Sightings

Nomenclature