Showing 1 - 3 of 3

CVE-2023-24807

Status Candidate

Overview

Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.

Related Files

Red Hat Security Advisory 2023-5533-01: Posted Oct 10, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-5533-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs. Issues addressed include HTTP request smuggling, buffer overflow, bypass, crlf injection, and denial of service vulnerabilities.; tags | advisory, web, denial of service, overflow, javascript, vulnerability; systems | linux, redhat; advisories | CVE-2022-25881, CVE-2022-4904, CVE-2023-23920, CVE-2023-23936, CVE-2023-24807, CVE-2023-30581, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-32002, CVE-2023-32006, CVE-2023-32559; SHA-256 | a1de4803284127ae04070476723bb3381abb23fa8706dae7ab1c90bb1713980b; Download | Favorite | View

Red Hat Security Advisory 2023-2654-01: Posted May 10, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-2654-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include buffer overflow, bypass, crlf injection, and denial of service vulnerabilities.; tags | advisory, denial of service, overflow, javascript, vulnerability; systems | linux, redhat; advisories | CVE-2021-35065, CVE-2022-25881, CVE-2022-4904, CVE-2023-23918, CVE-2023-23919, CVE-2023-23920, CVE-2023-23936, CVE-2023-24807; SHA-256 | 4e7a13c72b1bbe26649f90f2ee5c748667dc190692c7389ff21e92530336c9f3; Download | Favorite | View

Red Hat Security Advisory 2023-2655-01: Posted May 10, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-2655-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include buffer overflow, bypass, crlf injection, and denial of service vulnerabilities.; tags | advisory, denial of service, overflow, javascript, vulnerability; systems | linux, redhat; advisories | CVE-2022-25881, CVE-2022-4904, CVE-2023-23918, CVE-2023-23920, CVE-2023-23936, CVE-2023-24807; SHA-256 | 812f3378f3e6c1833158a97cad774a26513a32be88e668163955d219a846d53f; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 306 files
indoushka 132 files
Ubuntu 94 files
Gentoo 32 files
Debian 24 files
LiquidWorm 18 files
malvuln 8 files
Google Security Research 8 files
verylazytech 3 files
Seth Jenkins 3 files

File Archives

Systems

AIX (430)
Apple (2,117)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,144)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (391)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,627)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,101)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,931)
UNIX (9,469)
UnixWare (188)
Windows (6,784)
Other

CVE-2023-24807

Overview

Related Files

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems