Showing 1 - 3 of 3

CVE-2023-24807

Status Candidate

Overview

Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.

Related Files

Red Hat Security Advisory 2023-5533-01: Posted Oct 10, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-5533-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs. Issues addressed include HTTP request smuggling, buffer overflow, bypass, crlf injection, and denial of service vulnerabilities.; tags | advisory, web, denial of service, overflow, javascript, vulnerability; systems | linux, redhat; advisories | CVE-2022-25881, CVE-2022-4904, CVE-2023-23920, CVE-2023-23936, CVE-2023-24807, CVE-2023-30581, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-32002, CVE-2023-32006, CVE-2023-32559; SHA-256 | a1de4803284127ae04070476723bb3381abb23fa8706dae7ab1c90bb1713980b; Download | Favorite | View

Red Hat Security Advisory 2023-2654-01: Posted May 10, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-2654-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include buffer overflow, bypass, crlf injection, and denial of service vulnerabilities.; tags | advisory, denial of service, overflow, javascript, vulnerability; systems | linux, redhat; advisories | CVE-2021-35065, CVE-2022-25881, CVE-2022-4904, CVE-2023-23918, CVE-2023-23919, CVE-2023-23920, CVE-2023-23936, CVE-2023-24807; SHA-256 | 4e7a13c72b1bbe26649f90f2ee5c748667dc190692c7389ff21e92530336c9f3; Download | Favorite | View

Red Hat Security Advisory 2023-2655-01: Posted May 10, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-2655-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include buffer overflow, bypass, crlf injection, and denial of service vulnerabilities.; tags | advisory, denial of service, overflow, javascript, vulnerability; systems | linux, redhat; advisories | CVE-2022-25881, CVE-2022-4904, CVE-2023-23918, CVE-2023-23920, CVE-2023-23936, CVE-2023-24807; SHA-256 | 812f3378f3e6c1833158a97cad774a26513a32be88e668163955d219a846d53f; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 292 files
Ubuntu 66 files
Debian 33 files
Gentoo 28 files
LiquidWorm 10 files
nu11secur1ty 7 files
Adam Gowdiak 4 files
kai6u 3 files
liquidsky 3 files
malvuln 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,036)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,495)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,555)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,729)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,487)
UNIX (9,397)
UnixWare (187)
Windows (6,656)
Other

CVE-2023-24807

Overview

Related Files

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems