mickmick.net

Node.js Multiple Vulnerabilities

Release Date: 15 Feb 2024

RISK: Medium Risk

TYPE: Servers - Other Servers

Multiple vulnerabilities have been identified in Node.js. A remote attacker can exploit these vulnerabilities to trigger denial of service, security restriction bypass, elevation of privilege and sensitive information disclosure on the targeted system.

---

Impact

• Security Restriction Bypass
• Information Disclosure
• Denial of Service
• Elevation of Privilege

---

System / Technologies affected

• Node.js versions prior to 18.19.1 (LTS)
• Node.js versions prior to 20.11.1 (LTS)
• Node.js versions prior to 21.6.2 (Current)

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

• Update to Node.js version 18.19.1 (LTS)
• Update to Node.js version 20.11.1 (LTS) 
• Update to Node.js version 21.6.2 (Current)

---

Vulnerability Identifier

• CVE-2023-46809
• CVE-2024-21890
• CVE-2024-21891
• CVE-2024-21892
• CVE-2024-21896
• CVE-2024-22017
• CVE-2024-22019
• CVE-2024-22025

---

Source

• nodejs

---

Related Link

• https://nodejs.org/en/blog/vulnerability/february-2024-security-releases
• https://nodejs.org/en/blog/release/v18.19.1
• https://nodejs.org/en/blog/release/v20.11.1
• https://nodejs.org/en/blog/release/v21.6.2