SUSE update for nodejs18



Published: 2024-04-16
Risk Medium
Patch available YES
Number of vulnerabilities 5
CVE-ID CVE-2024-24806
CVE-2024-27982
CVE-2024-27983
CVE-2024-30260
CVE-2024-30261
CWE-ID CWE-918
CWE-444
CWE-617
CWE-200
CWE-345
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		Web and Scripting Module
Operating systems & Components / Operating system

SUSE Linux Enterprise Server for SAP Applications 12
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 12
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing 12
Operating systems & Components / Operating system

SUSE Linux Enterprise Server for SAP Applications
Operating systems & Components / Operating system

SUSE Linux Enterprise Server
Operating systems & Components / Operating system

nodejs18-docs
Operating systems & Components / Operating system package or component

nodejs18
Operating systems & Components / Operating system package or component

npm18
Operating systems & Components / Operating system package or component

nodejs18-debugsource
Operating systems & Components / Operating system package or component

nodejs18-devel
Operating systems & Components / Operating system package or component

nodejs18-debuginfo
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Server-Side Request Forgery (SSRF)

EUVDB-ID: #VU86707

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-24806

CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input when handling hostnames longer than 256 characters within the uv_getaddrinfo() function in src/unix/getaddrinfo.c and its windows counterpart src/win/getaddrinfo.c. A remote attacker can pass a specially crafted hostname to the application, which can be resolved to an attacker controlled IP address and initiate unauthorized requests to arbitrary systems.

Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.

Mitigation

Update the affected package nodejs18 to the latest version.

Vulnerable software versions

Web and Scripting Module: 12

SUSE Linux Enterprise Server for SAP Applications 12: SP1 - SP5

SUSE Linux Enterprise Server 12: SP1 - SP5

SUSE Linux Enterprise High Performance Computing 12: SP2 - SP5

SUSE Linux Enterprise Server for SAP Applications: 12-SP4

SUSE Linux Enterprise Server: 12-SP2-LTSS-ERICSSON

nodejs18-docs: before 18.20.1-8.21.1

nodejs18: before 18.20.1-8.21.1

npm18: before 18.20.1-8.21.1

nodejs18-debugsource: before 18.20.1-8.21.1

nodejs18-devel: before 18.20.1-8.21.1

nodejs18-debuginfo: before 18.20.1-8.21.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241307-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Inconsistent interpretation of HTTP requests

EUVDB-ID: #VU88176

Risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27982

CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.

Mitigation

Update the affected package nodejs18 to the latest version.

Vulnerable software versions

Web and Scripting Module: 12

SUSE Linux Enterprise Server for SAP Applications 12: SP1 - SP5

SUSE Linux Enterprise Server 12: SP1 - SP5

SUSE Linux Enterprise High Performance Computing 12: SP2 - SP5

SUSE Linux Enterprise Server for SAP Applications: 12-SP4

SUSE Linux Enterprise Server: 12-SP2-LTSS-ERICSSON

nodejs18-docs: before 18.20.1-8.21.1

nodejs18: before 18.20.1-8.21.1

npm18: before 18.20.1-8.21.1

nodejs18-debugsource: before 18.20.1-8.21.1

nodejs18-devel: before 18.20.1-8.21.1

nodejs18-debuginfo: before 18.20.1-8.21.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241307-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Reachable Assertion

EUVDB-ID: #VU88175

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27983

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion when handling HTTP/2 packets. A remote attacker can send a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside and perform a denial of service (DoS) attack.

Mitigation

Update the affected package nodejs18 to the latest version.

Vulnerable software versions

Web and Scripting Module: 12

SUSE Linux Enterprise Server for SAP Applications 12: SP1 - SP5

SUSE Linux Enterprise Server 12: SP1 - SP5

SUSE Linux Enterprise High Performance Computing 12: SP2 - SP5

SUSE Linux Enterprise Server for SAP Applications: 12-SP4

SUSE Linux Enterprise Server: 12-SP2-LTSS-ERICSSON

nodejs18-docs: before 18.20.1-8.21.1

nodejs18: before 18.20.1-8.21.1

npm18: before 18.20.1-8.21.1

nodejs18-debugsource: before 18.20.1-8.21.1

nodejs18-devel: before 18.20.1-8.21.1

nodejs18-debuginfo: before 18.20.1-8.21.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241307-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Information disclosure

EUVDB-ID: #VU88177

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-30260

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the application clears Authorization and Proxy-Authorization headers during cross-origin redirects for the fetch() method, however does not clear them for the undici.request() method, which can leak sensitive information to an unauthorized party.

Mitigation

Update the affected package nodejs18 to the latest version.

Vulnerable software versions

Web and Scripting Module: 12

SUSE Linux Enterprise Server for SAP Applications 12: SP1 - SP5

SUSE Linux Enterprise Server 12: SP1 - SP5

SUSE Linux Enterprise High Performance Computing 12: SP2 - SP5

SUSE Linux Enterprise Server for SAP Applications: 12-SP4

SUSE Linux Enterprise Server: 12-SP2-LTSS-ERICSSON

nodejs18-docs: before 18.20.1-8.21.1

nodejs18: before 18.20.1-8.21.1

npm18: before 18.20.1-8.21.1

nodejs18-debugsource: before 18.20.1-8.21.1

nodejs18-devel: before 18.20.1-8.21.1

nodejs18-debuginfo: before 18.20.1-8.21.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241307-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Insufficient verification of data authenticity

EUVDB-ID: #VU88178

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-30261

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to the application does not verify authenticity of data. A remote attacker can alter the "integrity" option passed to fetch(), allowing fetch() to accept requests as valid even if they have been tampered.

Mitigation

Update the affected package nodejs18 to the latest version.

Vulnerable software versions

Web and Scripting Module: 12

SUSE Linux Enterprise Server for SAP Applications 12: SP1 - SP5

SUSE Linux Enterprise Server 12: SP1 - SP5

SUSE Linux Enterprise High Performance Computing 12: SP2 - SP5

SUSE Linux Enterprise Server for SAP Applications: 12-SP4

SUSE Linux Enterprise Server: 12-SP2-LTSS-ERICSSON

nodejs18-docs: before 18.20.1-8.21.1

nodejs18: before 18.20.1-8.21.1

npm18: before 18.20.1-8.21.1

nodejs18-debugsource: before 18.20.1-8.21.1

nodejs18-devel: before 18.20.1-8.21.1

nodejs18-debuginfo: before 18.20.1-8.21.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241307-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###