[Apollo]

Advisories

Statistics

Login

RLSA-2024:5815

Security

Mirrored from RHSA-2024:5815

Issued at: 2024-09-17

Updated at: 2025-10-17

Synopsis

Moderate: nodejs:20 security update

Description

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

Security Fix(es):

* nodejs: Bypass network import restriction via data URL (CVE-2024-22020)

* nodejs: fs.lstat bypasses permission model (CVE-2024-22018)

* nodejs: fs.fchown/fchmod bypasses permission model (CVE-2024-36137)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

Rocky Linux 9.6 aarch64

Rocky Linux 9.6 ppc64le

Rocky Linux 9.6 s390x

Rocky Linux 9.6 x86_64

Fixes

2296417

2296990

2299281

CVEs

Affected packages

Rocky Linux 9.6 aarch64 - AppStream

nodejs-nodemon-0:3.0.1-1.module+el9.6.0+32494+726e9034.noarch.rpm

nodejs-nodemon-0:3.0.1-1.module+el9.6.0+32494+726e9034.src.rpm

nodejs-packaging-0:2021.06-4.module+el9.6.0+32494+726e9034.noarch.rpm

nodejs-packaging-0:2021.06-4.module+el9.6.0+32494+726e9034.src.rpm

nodejs-packaging-bundler-0:2021.06-4.module+el9.6.0+32494+726e9034.noarch.rpm

nodejs-nodemon-0:3.0.1-1.module+el9.6.0+32185+bd121a25.noarch.rpm

nodejs-nodemon-0:3.0.1-1.module+el9.6.0+32143+ae966e5b.noarch.rpm

nodejs-nodemon-0:3.0.1-1.module+el9.6.0+32143+ae966e5b.src.rpm

nodejs-nodemon-0:3.0.1-1.module+el9.6.0+32185+bd121a25.src.rpm

nodejs-packaging-0:2021.06-4.module+el9.6.0+32143+ae966e5b.noarch.rpm

nodejs-packaging-0:2021.06-4.module+el9.6.0+32185+bd121a25.noarch.rpm

nodejs-packaging-0:2021.06-4.module+el9.6.0+32143+ae966e5b.src.rpm

nodejs-packaging-0:2021.06-4.module+el9.6.0+32185+bd121a25.src.rpm

nodejs-packaging-bundler-0:2021.06-4.module+el9.6.0+32143+ae966e5b.noarch.rpm

nodejs-packaging-bundler-0:2021.06-4.module+el9.6.0+32185+bd121a25.noarch.rpm

Rocky Linux 9.6 ppc64le - AppStream

nodejs-nodemon-0:3.0.1-1.module+el9.6.0+32494+726e9034.noarch.rpm

nodejs-nodemon-0:3.0.1-1.module+el9.6.0+32494+726e9034.src.rpm

nodejs-packaging-0:2021.06-4.module+el9.6.0+32494+726e9034.noarch.rpm

nodejs-packaging-0:2021.06-4.module+el9.6.0+32494+726e9034.src.rpm

nodejs-packaging-bundler-0:2021.06-4.module+el9.6.0+32494+726e9034.noarch.rpm

nodejs-nodemon-0:3.0.1-1.module+el9.6.0+32143+ae966e5b.noarch.rpm

nodejs-nodemon-0:3.0.1-1.module+el9.6.0+32185+bd121a25.noarch.rpm

nodejs-nodemon-0:3.0.1-1.module+el9.6.0+32143+ae966e5b.src.rpm

nodejs-nodemon-0:3.0.1-1.module+el9.6.0+32185+bd121a25.src.rpm

nodejs-packaging-0:2021.06-4.module+el9.6.0+32143+ae966e5b.noarch.rpm

nodejs-packaging-0:2021.06-4.module+el9.6.0+32185+bd121a25.noarch.rpm

nodejs-packaging-0:2021.06-4.module+el9.6.0+32143+ae966e5b.src.rpm

nodejs-packaging-0:2021.06-4.module+el9.6.0+32185+bd121a25.src.rpm

nodejs-packaging-bundler-0:2021.06-4.module+el9.6.0+32185+bd121a25.noarch.rpm

nodejs-packaging-bundler-0:2021.06-4.module+el9.6.0+32143+ae966e5b.noarch.rpm

Rocky Linux 9.6 s390x - AppStream

nodejs-nodemon-0:3.0.1-1.module+el9.6.0+32494+726e9034.noarch.rpm

nodejs-nodemon-0:3.0.1-1.module+el9.6.0+32494+726e9034.src.rpm

nodejs-packaging-0:2021.06-4.module+el9.6.0+32494+726e9034.noarch.rpm

nodejs-packaging-0:2021.06-4.module+el9.6.0+32494+726e9034.src.rpm

nodejs-packaging-bundler-0:2021.06-4.module+el9.6.0+32494+726e9034.noarch.rpm

nodejs-nodemon-0:3.0.1-1.module+el9.6.0+32143+ae966e5b.noarch.rpm

nodejs-nodemon-0:3.0.1-1.module+el9.6.0+32185+bd121a25.noarch.rpm

nodejs-nodemon-0:3.0.1-1.module+el9.6.0+32143+ae966e5b.src.rpm

nodejs-nodemon-0:3.0.1-1.module+el9.6.0+32185+bd121a25.src.rpm

nodejs-packaging-0:2021.06-4.module+el9.6.0+32143+ae966e5b.noarch.rpm

nodejs-packaging-0:2021.06-4.module+el9.6.0+32185+bd121a25.noarch.rpm

nodejs-packaging-0:2021.06-4.module+el9.6.0+32143+ae966e5b.src.rpm

nodejs-packaging-0:2021.06-4.module+el9.6.0+32185+bd121a25.src.rpm

nodejs-packaging-bundler-0:2021.06-4.module+el9.6.0+32143+ae966e5b.noarch.rpm

nodejs-packaging-bundler-0:2021.06-4.module+el9.6.0+32185+bd121a25.noarch.rpm

Rocky Linux 9.6 x86_64 - AppStream

nodejs-nodemon-0:3.0.1-1.module+el9.6.0+32494+726e9034.noarch.rpm

nodejs-nodemon-0:3.0.1-1.module+el9.6.0+32494+726e9034.src.rpm

nodejs-packaging-0:2021.06-4.module+el9.6.0+32494+726e9034.noarch.rpm

nodejs-packaging-0:2021.06-4.module+el9.6.0+32494+726e9034.src.rpm

nodejs-packaging-bundler-0:2021.06-4.module+el9.6.0+32494+726e9034.noarch.rpm

nodejs-nodemon-0:3.0.1-1.module+el9.6.0+32143+ae966e5b.noarch.rpm

nodejs-nodemon-0:3.0.1-1.module+el9.6.0+32185+bd121a25.noarch.rpm

nodejs-nodemon-0:3.0.1-1.module+el9.6.0+32185+bd121a25.src.rpm

nodejs-nodemon-0:3.0.1-1.module+el9.6.0+32143+ae966e5b.src.rpm

nodejs-packaging-0:2021.06-4.module+el9.6.0+32143+ae966e5b.noarch.rpm

nodejs-packaging-0:2021.06-4.module+el9.6.0+32185+bd121a25.noarch.rpm

nodejs-packaging-0:2021.06-4.module+el9.6.0+32143+ae966e5b.src.rpm

nodejs-packaging-0:2021.06-4.module+el9.6.0+32185+bd121a25.src.rpm

nodejs-packaging-bundler-0:2021.06-4.module+el9.6.0+32143+ae966e5b.noarch.rpm

nodejs-packaging-bundler-0:2021.06-4.module+el9.6.0+32185+bd121a25.noarch.rpm