Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2025-22150
Vulnerability from cvelistv5
Published
2025-01-21 17:46
Modified
2025-02-12 20:41
Severity ?
EPSS score ?
Summary
Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. As a workaround, do not issue multipart requests to attacker controlled servers.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22150",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-21T18:34:22.789606Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:41:22.041Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "undici",
"vendor": "nodejs",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.5.0, \u003c 5.28.5"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.21.1"
},
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. As a workaround, do not issue multipart requests to attacker controlled servers."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330: Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T17:46:58.872Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975"
},
{
"name": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0"
},
{
"name": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a"
},
{
"name": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385"
},
{
"name": "https://hackerone.com/reports/2913312",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/2913312"
},
{
"name": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f",
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f"
},
{
"name": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
}
],
"source": {
"advisory": "GHSA-c76h-2ccp-4975",
"discovery": "UNKNOWN"
},
"title": "Undici Uses Insufficiently Random Values"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-22150",
"datePublished": "2025-01-21T17:46:58.872Z",
"dateReserved": "2024-12-30T03:00:33.654Z",
"dateUpdated": "2025-02-12T20:41:22.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-22150\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-01-21T18:15:14.887\",\"lastModified\":\"2025-01-21T18:15:14.887\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. As a workaround, do not issue multipart requests to attacker controlled servers.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-330\"}]}],\"references\":[{\"url\":\"https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://hackerone.com/reports/2913312\",\"source\":\"security-advisories@github.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-22150\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-21T18:34:22.789606Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-12T20:33:10.324Z\"}}], \"cna\": {\"title\": \"Undici Uses Insufficiently Random Values\", \"source\": {\"advisory\": \"GHSA-c76h-2ccp-4975\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"nodejs\", \"product\": \"undici\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 4.5.0, \u003c 5.28.5\"}, {\"status\": \"affected\", \"version\": \"\u003e= 6.0.0, \u003c 6.21.1\"}, {\"status\": \"affected\", \"version\": \"\u003e= 7.0.0, \u003c 7.2.3\"}]}], \"references\": [{\"url\": \"https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975\", \"name\": \"https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0\", \"name\": \"https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a\", \"name\": \"https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385\", \"name\": \"https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://hackerone.com/reports/2913312\", \"name\": \"https://hackerone.com/reports/2913312\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f\", \"name\": \"https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113\", \"name\": \"https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. As a workaround, do not issue multipart requests to attacker controlled servers.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-330\", \"description\": \"CWE-330: Use of Insufficiently Random Values\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-01-21T17:46:58.872Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-22150\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-12T20:41:22.041Z\", \"dateReserved\": \"2024-12-30T03:00:33.654Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-01-21T17:46:58.872Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
rhsa-2025:1446
Vulnerability from csaf_redhat
Published
2025-02-13 16:03
Modified
2025-02-17 20:02
Summary
Red Hat Security Advisory: nodejs:18 security update
Notes
Topic
An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)
* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)\n\n* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:1446",
"url": "https://access.redhat.com/errata/RHSA-2025:1446"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1446.json"
}
],
"title": "Red Hat Security Advisory: nodejs:18 security update",
"tracking": {
"current_release_date": "2025-02-17T20:02:11+00:00",
"generator": {
"date": "2025-02-17T20:02:11+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.3.1"
}
},
"id": "RHSA-2025:1446",
"initial_release_date": "2025-02-13T16:03:15+00:00",
"revision_history": [
{
"date": "2025-02-13T16:03:15+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-02-13T16:03:15+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-02-17T20:02:11+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs:18:9050020250206154514:rhel9",
"product": {
"name": "nodejs:18:9050020250206154514:rhel9",
"product_id": "nodejs:18:9050020250206154514:rhel9",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/nodejs@18:9050020250206154514:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-docs-1:18.20.6-1.module+el9.5.0+22773+9a359385.noarch",
"product": {
"name": "nodejs-docs-1:18.20.6-1.module+el9.5.0+22773+9a359385.noarch",
"product_id": "nodejs-docs-1:18.20.6-1.module+el9.5.0+22773+9a359385.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.noarch",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.noarch",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"product_id": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.5.0%2B22773%2B9a359385?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"product": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel9.5.0%2B22773%2B9a359385?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.src",
"product": {
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.src",
"product_id": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.src",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.src",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=src"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.src",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.src",
"product_id": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.5.0%2B22773%2B9a359385?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"product": {
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"product_id": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"product": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"product_id": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"product": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"product_id": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"product": {
"name": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"product_id": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"product": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"product_id": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64",
"product": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64",
"product_id": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.18.20.6.1.module%2Bel9.5.0%2B22773%2B9a359385?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"product": {
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"product_id": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"product": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"product_id": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"product": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"product_id": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"product": {
"name": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"product_id": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"product": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"product_id": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le",
"product": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le",
"product_id": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.18.20.6.1.module%2Bel9.5.0%2B22773%2B9a359385?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"product": {
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"product_id": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"product": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"product_id": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"product": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"product_id": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"product": {
"name": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"product_id": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"product": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"product_id": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x",
"product": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x",
"product_id": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.18.20.6.1.module%2Bel9.5.0%2B22773%2B9a359385?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"product": {
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"product_id": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"product": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"product_id": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"product": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"product_id": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"product": {
"name": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"product_id": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"product": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"product_id": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64",
"product": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64",
"product_id": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.18.20.6.1.module%2Bel9.5.0%2B22773%2B9a359385?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
"product_reference": "nodejs:18:9050020250206154514:rhel9",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64 as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64"
},
"product_reference": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le"
},
"product_reference": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x"
},
"product_reference": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.src as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.src"
},
"product_reference": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.src",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64 as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64"
},
"product_reference": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64 as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64"
},
"product_reference": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le"
},
"product_reference": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x"
},
"product_reference": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64 as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64"
},
"product_reference": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64 as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64"
},
"product_reference": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le"
},
"product_reference": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x"
},
"product_reference": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64 as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64"
},
"product_reference": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64 as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64"
},
"product_reference": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le"
},
"product_reference": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x"
},
"product_reference": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64 as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64"
},
"product_reference": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:18.20.6-1.module+el9.5.0+22773+9a359385.noarch as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-docs-1:18.20.6-1.module+el9.5.0+22773+9a359385.noarch"
},
"product_reference": "nodejs-docs-1:18.20.6-1.module+el9.5.0+22773+9a359385.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64 as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64"
},
"product_reference": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le"
},
"product_reference": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x"
},
"product_reference": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64 as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64"
},
"product_reference": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.noarch as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.noarch"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.src as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.src"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.src",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.src as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.src"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.src",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch"
},
"product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64 as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64"
},
"product_reference": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le"
},
"product_reference": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x"
},
"product_reference": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64 as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64"
},
"product_reference": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22150",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2025-01-21T18:01:24.182126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339176"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici Uses Insufficiently Random Values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-docs-1:18.20.6-1.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "RHBZ#2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f",
"url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113",
"url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0",
"url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a",
"url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385",
"url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/2913312",
"url": "https://hackerone.com/reports/2913312"
}
],
"release_date": "2025-01-21T17:46:58.872000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-13T16:03:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-docs-1:18.20.6-1.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1446"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-docs-1:18.20.6-1.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici Uses Insufficiently Random Values"
},
{
"cve": "CVE-2025-23085",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-01-28T17:23:01.915000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2342618"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-docs-1:18.20.6-1.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23085"
},
{
"category": "external",
"summary": "RHBZ#2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085"
}
],
"release_date": "2025-01-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-13T16:03:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-docs-1:18.20.6-1.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1446"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation for this issue other than updating to the package version which contains the fix.",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-docs-1:18.20.6-1.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-docs-1:18.20.6-1.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap"
}
]
}
rhsa-2025:1351
Vulnerability from csaf_redhat
Published
2025-02-12 15:32
Modified
2025-02-17 20:11
Summary
Red Hat Security Advisory: nodejs:20 security update
Notes
Topic
An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)
* nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)
* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)\n\n* nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)\n\n* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:1351",
"url": "https://access.redhat.com/errata/RHSA-2025:1351"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "2339392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392"
},
{
"category": "external",
"summary": "2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1351.json"
}
],
"title": "Red Hat Security Advisory: nodejs:20 security update",
"tracking": {
"current_release_date": "2025-02-17T20:11:00+00:00",
"generator": {
"date": "2025-02-17T20:11:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.3.1"
}
},
"id": "RHSA-2025:1351",
"initial_release_date": "2025-02-12T15:32:22+00:00",
"revision_history": [
{
"date": "2025-02-12T15:32:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-02-12T15:32:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-02-17T20:11:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs:20:8100020250203134842:489197e6",
"product": {
"name": "nodejs:20:8100020250203134842:489197e6",
"product_id": "nodejs:20:8100020250203134842:489197e6",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/nodejs@20:8100020250203134842:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"product": {
"name": "nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"product_id": "nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"product_id": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"product": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"product": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"product_id": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=src"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"product_id": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product_id": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product_id": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product_id": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product": {
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product_id": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product_id": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"product": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"product_id": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product_id": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product_id": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product_id": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product": {
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product_id": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product_id": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"product": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"product_id": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product_id": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product_id": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product_id": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product": {
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product_id": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product_id": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"product": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"product_id": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product_id": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product_id": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product_id": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product": {
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product_id": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product_id": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64",
"product": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64",
"product_id": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
"product_reference": "nodejs:20:8100020250203134842:489197e6",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64 as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64"
},
"product_reference": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le"
},
"product_reference": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x"
},
"product_reference": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src"
},
"product_reference": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64 as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64"
},
"product_reference": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64 as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64"
},
"product_reference": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le"
},
"product_reference": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x"
},
"product_reference": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64 as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64"
},
"product_reference": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64 as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64"
},
"product_reference": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le"
},
"product_reference": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x"
},
"product_reference": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64 as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64"
},
"product_reference": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64 as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64"
},
"product_reference": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le"
},
"product_reference": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x"
},
"product_reference": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64 as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64"
},
"product_reference": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch"
},
"product_reference": "nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64 as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64"
},
"product_reference": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le"
},
"product_reference": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x"
},
"product_reference": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64 as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64"
},
"product_reference": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch"
},
"product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64 as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64"
},
"product_reference": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le"
},
"product_reference": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x"
},
"product_reference": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64 as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64"
},
"product_reference": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22150",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2025-01-21T18:01:24.182126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339176"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici Uses Insufficiently Random Values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "RHBZ#2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f",
"url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113",
"url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0",
"url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a",
"url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385",
"url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/2913312",
"url": "https://hackerone.com/reports/2913312"
}
],
"release_date": "2025-01-21T17:46:58.872000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-12T15:32:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1351"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici Uses Insufficiently Random Values"
},
{
"cve": "CVE-2025-23083",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2025-01-22T02:00:43.830080+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339392"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23083"
},
{
"category": "external",
"summary": "RHBZ#2339392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases"
}
],
"release_date": "2025-01-22T01:11:30.802000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-12T15:32:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1351"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel"
},
{
"cve": "CVE-2025-23085",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-01-28T17:23:01.915000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2342618"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23085"
},
{
"category": "external",
"summary": "RHBZ#2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085"
}
],
"release_date": "2025-01-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-12T15:32:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1351"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation for this issue other than updating to the package version which contains the fix.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap"
}
]
}
rhsa-2025:1611
Vulnerability from csaf_redhat
Published
2025-02-17 18:04
Modified
2025-02-17 20:11
Summary
Red Hat Security Advisory: nodejs:22 security update
Notes
Topic
An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)
* nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)
* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)\n\n* nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)\n\n* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:1611",
"url": "https://access.redhat.com/errata/RHSA-2025:1611"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "2339392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392"
},
{
"category": "external",
"summary": "2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1611.json"
}
],
"title": "Red Hat Security Advisory: nodejs:22 security update",
"tracking": {
"current_release_date": "2025-02-17T20:11:27+00:00",
"generator": {
"date": "2025-02-17T20:11:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.3.1"
}
},
"id": "RHSA-2025:1611",
"initial_release_date": "2025-02-17T18:04:26+00:00",
"revision_history": [
{
"date": "2025-02-17T18:04:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-02-17T18:04:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-02-17T20:11:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs:22:8100020250130144944:6d880403",
"product": {
"name": "nodejs:22:8100020250130144944:6d880403",
"product_id": "nodejs:22:8100020250130144944:6d880403",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/nodejs@22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"product": {
"name": "nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"product_id": "nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"product_id": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.10.0%2B22759%2B46b58560?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"product": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel8.10.0%2B22759%2B46b58560?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"product": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"product_id": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=src"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"product_id": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.10.0%2B22759%2B46b58560?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_id": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_id": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_id": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product": {
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_id": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_id": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product": {
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_id": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_id": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"product": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"product_id": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=3"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_id": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_id": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_id": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product": {
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_id": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_id": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product": {
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_id": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_id": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"product": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"product_id": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=3"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_id": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_id": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_id": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product": {
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_id": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_id": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product": {
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_id": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_id": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"product": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"product_id": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=3"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_id": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_id": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_id": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product": {
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_id": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_id": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product": {
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_id": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_id": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"product": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"product_id": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=3"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
"product_reference": "nodejs:22:8100020250130144944:6d880403",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64"
},
"product_reference": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le"
},
"product_reference": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x"
},
"product_reference": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src"
},
"product_reference": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64"
},
"product_reference": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64"
},
"product_reference": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le"
},
"product_reference": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x"
},
"product_reference": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64"
},
"product_reference": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64"
},
"product_reference": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le"
},
"product_reference": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x"
},
"product_reference": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64"
},
"product_reference": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64"
},
"product_reference": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le"
},
"product_reference": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x"
},
"product_reference": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64"
},
"product_reference": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch"
},
"product_reference": "nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64"
},
"product_reference": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le"
},
"product_reference": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x"
},
"product_reference": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64"
},
"product_reference": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64"
},
"product_reference": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le"
},
"product_reference": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x"
},
"product_reference": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64"
},
"product_reference": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64"
},
"product_reference": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le"
},
"product_reference": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x"
},
"product_reference": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64"
},
"product_reference": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch"
},
"product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64"
},
"product_reference": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le"
},
"product_reference": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x"
},
"product_reference": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64"
},
"product_reference": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22150",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2025-01-21T18:01:24.182126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339176"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici Uses Insufficiently Random Values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "RHBZ#2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f",
"url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113",
"url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0",
"url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a",
"url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385",
"url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/2913312",
"url": "https://hackerone.com/reports/2913312"
}
],
"release_date": "2025-01-21T17:46:58.872000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-17T18:04:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1611"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici Uses Insufficiently Random Values"
},
{
"cve": "CVE-2025-23083",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2025-01-22T02:00:43.830080+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339392"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23083"
},
{
"category": "external",
"summary": "RHBZ#2339392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases"
}
],
"release_date": "2025-01-22T01:11:30.802000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-17T18:04:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1611"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel"
},
{
"cve": "CVE-2025-23085",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-01-28T17:23:01.915000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2342618"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23085"
},
{
"category": "external",
"summary": "RHBZ#2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085"
}
],
"release_date": "2025-01-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-17T18:04:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1611"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation for this issue other than updating to the package version which contains the fix.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap"
}
]
}
rhsa-2025:1443
Vulnerability from csaf_redhat
Published
2025-02-13 15:42
Modified
2025-02-17 20:11
Summary
Red Hat Security Advisory: nodejs:20 security update
Notes
Topic
An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)
* nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)
* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)\n\n* nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)\n\n* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:1443",
"url": "https://access.redhat.com/errata/RHSA-2025:1443"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "2339392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392"
},
{
"category": "external",
"summary": "2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1443.json"
}
],
"title": "Red Hat Security Advisory: nodejs:20 security update",
"tracking": {
"current_release_date": "2025-02-17T20:11:13+00:00",
"generator": {
"date": "2025-02-17T20:11:13+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.3.1"
}
},
"id": "RHSA-2025:1443",
"initial_release_date": "2025-02-13T15:42:45+00:00",
"revision_history": [
{
"date": "2025-02-13T15:42:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-02-13T15:42:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-02-17T20:11:13+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs:20:9050020250130114516:rhel9",
"product": {
"name": "nodejs:20:9050020250130114516:rhel9",
"product_id": "nodejs:20:9050020250130114516:rhel9",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/nodejs@20:9050020250130114516:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"product": {
"name": "nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"product_id": "nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.3.0.z%2B20478%2B84a9f781?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"product_id": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.3.0%2B19518%2B63aad52d?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"product": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel9.3.0%2B19518%2B63aad52d?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"product": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"product_id": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.3.0.z%2B20478%2B84a9f781?arch=src"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"product_id": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.3.0%2B19518%2B63aad52d?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product_id": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product_id": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product_id": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product_id": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product_id": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"product": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"product_id": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product_id": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product_id": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product_id": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product_id": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product_id": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product_id": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product_id": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product_id": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product_id": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product_id": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product_id": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"product": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"product_id": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product_id": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product_id": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product_id": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product_id": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product_id": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64",
"product": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64",
"product_id": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
"product_reference": "nodejs:20:9050020250130114516:rhel9",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64 as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64"
},
"product_reference": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le"
},
"product_reference": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x"
},
"product_reference": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src"
},
"product_reference": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64 as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64"
},
"product_reference": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64 as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64"
},
"product_reference": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le"
},
"product_reference": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x"
},
"product_reference": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64 as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64"
},
"product_reference": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64 as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64"
},
"product_reference": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le"
},
"product_reference": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x"
},
"product_reference": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64 as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64"
},
"product_reference": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64 as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64"
},
"product_reference": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le"
},
"product_reference": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x"
},
"product_reference": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64 as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64"
},
"product_reference": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch"
},
"product_reference": "nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64 as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64"
},
"product_reference": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le"
},
"product_reference": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x"
},
"product_reference": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64 as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64"
},
"product_reference": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch"
},
"product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64 as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64"
},
"product_reference": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le"
},
"product_reference": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x"
},
"product_reference": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64 as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64"
},
"product_reference": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22150",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2025-01-21T18:01:24.182126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339176"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici Uses Insufficiently Random Values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "RHBZ#2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f",
"url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113",
"url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0",
"url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a",
"url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385",
"url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/2913312",
"url": "https://hackerone.com/reports/2913312"
}
],
"release_date": "2025-01-21T17:46:58.872000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-13T15:42:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1443"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici Uses Insufficiently Random Values"
},
{
"cve": "CVE-2025-23083",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2025-01-22T02:00:43.830080+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339392"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23083"
},
{
"category": "external",
"summary": "RHBZ#2339392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases"
}
],
"release_date": "2025-01-22T01:11:30.802000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-13T15:42:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1443"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel"
},
{
"cve": "CVE-2025-23085",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-01-28T17:23:01.915000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2342618"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23085"
},
{
"category": "external",
"summary": "RHBZ#2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085"
}
],
"release_date": "2025-01-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-13T15:42:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1443"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation for this issue other than updating to the package version which contains the fix.",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap"
}
]
}
rhsa-2025:1582
Vulnerability from csaf_redhat
Published
2025-02-17 12:52
Modified
2025-02-17 20:02
Summary
Red Hat Security Advisory: nodejs:18 security update
Notes
Topic
An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)
* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)\n\n* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:1582",
"url": "https://access.redhat.com/errata/RHSA-2025:1582"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1582.json"
}
],
"title": "Red Hat Security Advisory: nodejs:18 security update",
"tracking": {
"current_release_date": "2025-02-17T20:02:20+00:00",
"generator": {
"date": "2025-02-17T20:02:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.3.1"
}
},
"id": "RHSA-2025:1582",
"initial_release_date": "2025-02-17T12:52:35+00:00",
"revision_history": [
{
"date": "2025-02-17T12:52:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-02-17T12:52:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-02-17T20:02:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs:18:8100020250207121904:489197e6",
"product": {
"name": "nodejs:18:8100020250207121904:489197e6",
"product_id": "nodejs:18:8100020250207121904:489197e6",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/nodejs@18:8100020250207121904:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-docs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch",
"product": {
"name": "nodejs-docs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch",
"product_id": "nodejs-docs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.10.0%2B21159%2Bf5a7145d?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"product_id": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.9.0%2B19439%2B7b18b275?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"product": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel8.9.0%2B19439%2B7b18b275?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.src",
"product": {
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.src",
"product_id": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.src",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.src",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.10.0%2B21159%2Bf5a7145d?arch=src"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.src",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.src",
"product_id": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.9.0%2B19439%2B7b18b275?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"product": {
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"product_id": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"product": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"product_id": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"product": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"product_id": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"product": {
"name": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"product_id": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"product": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"product_id": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64",
"product": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64",
"product_id": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.18.20.6.1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"product": {
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"product_id": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"product": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"product_id": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"product": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"product_id": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"product": {
"name": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"product_id": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"product": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"product_id": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le",
"product": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le",
"product_id": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.18.20.6.1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"product": {
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"product_id": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"product": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"product_id": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"product": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"product_id": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"product": {
"name": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"product_id": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"product": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"product_id": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x",
"product": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x",
"product_id": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.18.20.6.1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"product": {
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"product_id": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"product": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"product_id": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"product": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"product_id": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"product": {
"name": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"product_id": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"product": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"product_id": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64",
"product": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64",
"product_id": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.18.20.6.1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
"product_reference": "nodejs:18:8100020250207121904:489197e6",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64 as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64"
},
"product_reference": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le"
},
"product_reference": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x"
},
"product_reference": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.src as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.src"
},
"product_reference": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64 as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64"
},
"product_reference": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64 as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64"
},
"product_reference": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le"
},
"product_reference": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x"
},
"product_reference": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64 as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64"
},
"product_reference": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64 as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64"
},
"product_reference": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le"
},
"product_reference": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x"
},
"product_reference": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64 as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64"
},
"product_reference": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64 as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64"
},
"product_reference": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le"
},
"product_reference": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x"
},
"product_reference": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64 as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64"
},
"product_reference": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-docs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch"
},
"product_reference": "nodejs-docs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64 as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64"
},
"product_reference": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le"
},
"product_reference": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x"
},
"product_reference": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64 as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64"
},
"product_reference": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.src as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.src"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.src as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.src"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch"
},
"product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64 as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64"
},
"product_reference": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le"
},
"product_reference": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x"
},
"product_reference": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64 as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64"
},
"product_reference": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22150",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2025-01-21T18:01:24.182126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339176"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici Uses Insufficiently Random Values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-docs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "RHBZ#2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f",
"url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113",
"url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0",
"url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a",
"url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385",
"url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/2913312",
"url": "https://hackerone.com/reports/2913312"
}
],
"release_date": "2025-01-21T17:46:58.872000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-17T12:52:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-docs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1582"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-docs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici Uses Insufficiently Random Values"
},
{
"cve": "CVE-2025-23085",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-01-28T17:23:01.915000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2342618"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-docs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23085"
},
{
"category": "external",
"summary": "RHBZ#2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085"
}
],
"release_date": "2025-01-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-17T12:52:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-docs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1582"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation for this issue other than updating to the package version which contains the fix.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-docs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-docs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap"
}
]
}
rhsa-2025:1613
Vulnerability from csaf_redhat
Published
2025-02-17 19:21
Modified
2025-02-18 01:56
Summary
Red Hat Security Advisory: nodejs:22 security update
Notes
Topic
An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)
* nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)
* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)\n\n* nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)\n\n* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:1613",
"url": "https://access.redhat.com/errata/RHSA-2025:1613"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "2339392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392"
},
{
"category": "external",
"summary": "2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1613.json"
}
],
"title": "Red Hat Security Advisory: nodejs:22 security update",
"tracking": {
"current_release_date": "2025-02-18T01:56:19+00:00",
"generator": {
"date": "2025-02-18T01:56:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.3.1"
}
},
"id": "RHSA-2025:1613",
"initial_release_date": "2025-02-17T19:21:42+00:00",
"revision_history": [
{
"date": "2025-02-17T19:21:42+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-02-17T19:21:42+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-02-18T01:56:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs:22:9050020250131131518:rhel9",
"product": {
"name": "nodejs:22:9050020250131131518:rhel9",
"product_id": "nodejs:22:9050020250131131518:rhel9",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/nodejs@22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"product": {
"name": "nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"product_id": "nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"product_id": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.5.0%2B22763%2B17233acb?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"product": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel9.5.0%2B22763%2B17233acb?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"product": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"product_id": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=src"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"product_id": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.5.0%2B22763%2B17233acb?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_id": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_id": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_id": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product": {
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_id": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_id": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product": {
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_id": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_id": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"product": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"product_id": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=3"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_id": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_id": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_id": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product": {
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_id": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_id": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product": {
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_id": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_id": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"product": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"product_id": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=3"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_id": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_id": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_id": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product": {
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_id": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_id": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product": {
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_id": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_id": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"product": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"product_id": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=3"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_id": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_id": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_id": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product": {
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_id": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_id": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product": {
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_id": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_id": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"product": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"product_id": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=3"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
"product_reference": "nodejs:22:9050020250131131518:rhel9",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64"
},
"product_reference": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le"
},
"product_reference": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x"
},
"product_reference": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src"
},
"product_reference": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64"
},
"product_reference": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64"
},
"product_reference": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le"
},
"product_reference": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x"
},
"product_reference": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64"
},
"product_reference": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64"
},
"product_reference": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le"
},
"product_reference": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x"
},
"product_reference": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64"
},
"product_reference": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64"
},
"product_reference": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le"
},
"product_reference": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x"
},
"product_reference": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64"
},
"product_reference": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch"
},
"product_reference": "nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64"
},
"product_reference": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le"
},
"product_reference": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x"
},
"product_reference": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64"
},
"product_reference": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64"
},
"product_reference": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le"
},
"product_reference": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x"
},
"product_reference": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64"
},
"product_reference": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64"
},
"product_reference": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le"
},
"product_reference": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x"
},
"product_reference": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64"
},
"product_reference": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch"
},
"product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64"
},
"product_reference": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le"
},
"product_reference": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x"
},
"product_reference": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64"
},
"product_reference": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22150",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2025-01-21T18:01:24.182126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339176"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici Uses Insufficiently Random Values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "RHBZ#2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f",
"url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113",
"url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0",
"url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a",
"url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385",
"url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/2913312",
"url": "https://hackerone.com/reports/2913312"
}
],
"release_date": "2025-01-21T17:46:58.872000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-17T19:21:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1613"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici Uses Insufficiently Random Values"
},
{
"cve": "CVE-2025-23083",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2025-01-22T02:00:43.830080+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339392"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23083"
},
{
"category": "external",
"summary": "RHBZ#2339392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases"
}
],
"release_date": "2025-01-22T01:11:30.802000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-17T19:21:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1613"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel"
},
{
"cve": "CVE-2025-23085",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-01-28T17:23:01.915000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2342618"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23085"
},
{
"category": "external",
"summary": "RHBZ#2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085"
}
],
"release_date": "2025-01-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-17T19:21:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1613"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation for this issue other than updating to the package version which contains the fix.",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap"
}
]
}
ghsa-c76h-2ccp-4975
Vulnerability from github
Published
2025-01-21 21:10
Modified
2025-01-21 21:10
Severity ?
Summary
Use of Insufficiently Random Values in undici
Details
Impact
Undici fetch() uses Math.random() to choose the boundary for a multipart/form-data request. It is known that the output of Math.random() can be predicted if several of its generated values are known.
If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, An attacker can tamper with the requests going to the backend APIs if certain conditions are met.
Patches
This is fixed in 5.28.5; 6.21.1; 7.2.3.
Workarounds
Do not issue multipart requests to attacker controlled servers.
References
- https://hackerone.com/reports/2913312
- https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "undici"
},
"ranges": [
{
"events": [
{
"introduced": "4.5.0"
},
{
"fixed": "5.28.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "undici"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.21.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "undici"
},
"ranges": [
{
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.2.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-22150"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": true,
"github_reviewed_at": "2025-01-21T21:10:47Z",
"nvd_published_at": "2025-01-21T18:15:14Z",
"severity": "MODERATE"
},
"details": "### Impact\n\n[Undici `fetch()` uses Math.random()](https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113) to choose the boundary for a multipart/form-data request. It is known that the output of Math.random() can be predicted if several of its generated values are known.\n\nIf there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, An attacker can tamper with the requests going to the backend APIs if certain conditions are met.\n\n### Patches\n\nThis is fixed in 5.28.5; 6.21.1; 7.2.3.\n\n### Workarounds\n\nDo not issue multipart requests to attacker controlled servers.\n\n### References\n\n* https://hackerone.com/reports/2913312\n* https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f\n",
"id": "GHSA-c76h-2ccp-4975",
"modified": "2025-01-21T21:10:47Z",
"published": "2025-01-21T21:10:47Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150"
},
{
"type": "WEB",
"url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0"
},
{
"type": "WEB",
"url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a"
},
{
"type": "WEB",
"url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/2913312"
},
{
"type": "WEB",
"url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f"
},
{
"type": "PACKAGE",
"url": "https://github.com/nodejs/undici"
},
{
"type": "WEB",
"url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Use of Insufficiently Random Values in undici"
}
fkie_cve-2025-22150
Vulnerability from fkie_nvd
Published
2025-01-21 18:15
Modified
2025-01-21 18:15
Severity ?
Summary
Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. As a workaround, do not issue multipart requests to attacker controlled servers.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. As a workaround, do not issue multipart requests to attacker controlled servers."
},
{
"lang": "es",
"value": "Undici es un cliente HTTP/1.1. A partir de la versi\u00f3n 4.5.0 y antes de las versiones 5.28.5, 6.21.1 y 7.2.3, undici usa `Math.random()` para elegir el l\u00edmite de una solicitud multiparte/form-data. Se sabe que la salida de `Math.random()` se puede predecir si se conocen varios de sus valores generados. Si hay un mecanismo en una aplicaci\u00f3n que env\u00eda solicitudes multiparte a un sitio web controlado por un atacante, este puede usarlo para filtrar los valores necesarios. Por lo tanto, un atacante puede manipular las solicitudes que van a las API de backend si se cumplen ciertas condiciones. Esto se solucion\u00f3 en las versiones 5.28.5, 6.21.1 y 7.2.3. Como workaround, no env\u00ede solicitudes multiparte a servidores controlados por un atacante."
}
],
"id": "CVE-2025-22150",
"lastModified": "2025-01-21T18:15:14.887",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-01-21T18:15:14.887",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975"
},
{
"source": "security-advisories@github.com",
"url": "https://hackerone.com/reports/2913312"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-330"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.