What security issues are addressed in RHSA-2022:6448?

RHSA-2022:6448 addresses a DNS rebinding vulnerability and an HTTP request smuggling issue in Node.js.

What versions of Node.js are affected by RHSA-2022:6448?

Node.js versions prior to 14.20.0-2.module+el8.6.0+16231+7c1b33d9 are affected by RHSA-2022:6448.

How can I resolve the vulnerabilities listed in RHSA-2022:6448?

To resolve the vulnerabilities in RHSA-2022:6448, upgrade to the patched version 14.20.0-2.module+el8.6.0+16231+7c1b33d9 or later.

Is there a risk of exploitation from vulnerabilities mentioned in RHSA-2022:6448?

Yes, the vulnerabilities mentioned in RHSA-2022:6448 can potentially be exploited if not patched.

What is the recommended action for users of Node.js regarding RHSA-2022:6448?

Users of Node.js should upgrade to the latest recommended version as specified in RHSA-2022:6448 to mitigate security risks.

Vulnerability/
RHSA-2022:6448

13/9/2022

23/3/2024

RHSA-2022:6448: Moderate: nodejs:14 security and bug fix update

First published: Tue Sep 13 2022(Updated: )

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. <br>Security Fix(es):<br><li> nodejs: DNS rebinding in --inspect via invalid IP addresses (CVE-2022-32212)</li> <li> nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding (CVE-2022-32213)</li> <li> nodejs: HTTP request smuggling due to improper delimiting of header fields (CVE-2022-32214)</li> <li> nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (CVE-2022-32215)</li> <li> got: missing verification of requested URLs allows redirects to UNIX sockets (CVE-2022-33987)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.<br>Bug Fix(es):<br><li> nodejs:14/nodejs: rebase to latest upstream release (BZ#2106367)</li> <li> nodejs:14/nodejs: Specify --with-default-icu-data-dir when using bootstrap build (BZ#2111417)</li>

Never miss a vulnerability like this again

Reference Links

https://access.redhat.com/errata/RHSA-2022:6448 (Advisory)

Frequently Asked Questions

What security issues are addressed in RHSA-2022:6448?
RHSA-2022:6448 addresses a DNS rebinding vulnerability and an HTTP request smuggling issue in Node.js.
What versions of Node.js are affected by RHSA-2022:6448?
Node.js versions prior to 14.20.0-2.module+el8.6.0+16231+7c1b33d9 are affected by RHSA-2022:6448.
How can I resolve the vulnerabilities listed in RHSA-2022:6448?
To resolve the vulnerabilities in RHSA-2022:6448, upgrade to the patched version 14.20.0-2.module+el8.6.0+16231+7c1b33d9 or later.
Is there a risk of exploitation from vulnerabilities mentioned in RHSA-2022:6448?
Yes, the vulnerabilities mentioned in RHSA-2022:6448 can potentially be exploited if not patched.
What is the recommended action for users of Node.js regarding RHSA-2022:6448?
Users of Node.js should upgrade to the latest recommended version as specified in RHSA-2022:6448 to mitigate security risks.

agent/severity
agent/type
agent/softwarecombine
agent/last-modified-date
agent/first-publish-date
agent/title
agent/description
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2022:6448
agent/software-canonical-lookup
agent/references
agent/tags
agent/remedy
agent/event
agent/source
package-manager/redhat