|
Lines 1-3
|
|
|
1 |
<vuln vid="895895a6-c56b-4a4e-836b-3777e7b1e7f5"> |
| 2 |
<topic>nodejs -- September 22nd 2022 Security Releases</topic> |
| 3 |
<affects> |
| 4 |
<package> |
| 5 |
<name>node18</name> |
| 6 |
<range><lt>18.9.1</lt></range> |
| 7 |
</package> |
| 8 |
<package> |
| 9 |
<name>node16</name> |
| 10 |
<range><lt>16.17.1</lt></range> |
| 11 |
</package> |
| 12 |
<package> |
| 13 |
<name>node14</name> |
| 14 |
<range><lt>14.20.1</lt></range> |
| 15 |
</package> |
| 16 |
</affects> |
| 17 |
<description> |
| 18 |
<body xmlns="http://www.w3.org/1999/xhtml"> |
| 19 |
<p>nodejs project reports:</p> |
| 20 |
<blockquote cite="https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#2022-09-23-version-1891-current-rafaelgss"> |
| 21 |
<h4>node18</h4> |
| 22 |
<p>CVE-2022-32212: DNS rebinding in --inspect on macOS (High)</p> |
| 23 |
<p>CVE-2022-32222: Node 18 reads openssl.cnf from /home/iojs/build/ upon startup on MacOS (Medium)</p> |
| 24 |
<p>CVE-2022-32213: HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium)</p> |
| 25 |
<p>CVE-2022-32215: HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)</p> |
| 26 |
<p>CVE-2022-35255: Weak randomness in WebCrypto keygen</p> |
| 27 |
<p>CVE-2022-35256: HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium)</p> |
| 28 |
</blockquote> |
| 29 |
<blockquote cite="https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V16.md#2022-09-23-version-16171-gallium-lts-ruyadorno"> |
| 30 |
<h4>node16</h4> |
| 31 |
<p>CVE-2022-32212: DNS rebinding in --inspect on macOS (High)</p> |
| 32 |
<p>CVE-2022-32213: HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium)</p> |
| 33 |
<p>CVE-2022-35255: Weak randomness in WebCrypto keygen</p> |
| 34 |
<p>CVE-2022-35256: HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium)</p> |
| 35 |
</blockquote> |
| 36 |
<blockquote cite="https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V14.md#14.20.1"> |
| 37 |
<h4>node14</h4> |
| 38 |
<p>CVE-2022-32212: DNS rebinding in --inspect on macOS (High)</p> |
| 39 |
<p>CVE-2022-32213: HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium)</p> |
| 40 |
<p>CVE-2022-35256: HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium)</p> |
| 41 |
</blockquote> |
| 42 |
</body> |
| 43 |
</description> |
| 44 |
<references> |
| 45 |
<cvename>CVE-2022-32212</cvename> |
| 46 |
<cvename>CVE-2022-32222</cvename> |
| 47 |
<cvename>CVE-2022-32213</cvename> |
| 48 |
<cvename>CVE-2022-32215</cvename> |
| 49 |
<cvename>CVE-2022-32255</cvename> |
| 50 |
<cvename>CVE-2022-32256</cvename> |
| 51 |
<url>https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#2022-09-23-version-1891-current-rafaelgss</url> |
| 52 |
<url>https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V16.md#2022-09-23-version-16171-gallium-lts-ruyadorno</url> |
| 53 |
<url>https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V14.md#14.20.1</url> |
| 54 |
</references> |
| 55 |
<dates> |
| 56 |
<discovery>2022-09-23</discovery> |
| 57 |
<entry>2022-09-25</entry> |
| 58 |
</dates> |
| 59 |
</vuln> |
| 60 |
|
| 1 |
<vuln vid="f1f637d1-39eb-11ed-ab44-080027f5fec9"> |
61 |
<vuln vid="f1f637d1-39eb-11ed-ab44-080027f5fec9"> |
| 2 |
<topic>redis -- Potential remote code execution vulnerability</topic> |
62 |
<topic>redis -- Potential remote code execution vulnerability</topic> |
| 3 |
<affects> |
63 |
<affects> |
| 4 |
- |
|
|
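Review bot: In the `<references>` block of the new nodejs entry, two ids do not match the description: it lists `<cvename>CVE-2022-32255</cvename>` and `<cvename>CVE-2022-32256</cvename>`, while the blockquotes name CVE-2022-35255 (weak randomness in WebCrypto keygen) and CVE-2022-35256 (request smuggling via header-field parsing). These look like typos and should presumably read `<cvename>CVE-2022-35255</cvename>` and `<cvename>CVE-2022-35256</cvename>`. As written, anything that looks this entry up by CVE id would miss node14/node16/node18 for those two issues and would cite identifiers the advisory never mentions. Separately, the topic says "September 22nd 2022" while `<discovery>` and the cited changelog anchors use 2022-09-23; it would be worth making the dates agree.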