Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2025-23085
Vulnerability from cvelistv5
Published
2025-02-07 07:09
Modified
2025-02-07 15:57
Severity ?
EPSS score ?
Summary
A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions.
This vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23085",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T15:50:24.935972Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T15:57:11.221Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "node",
"vendor": "nodejs",
"versions": [
{
"lessThanOrEqual": "18.20.5",
"status": "affected",
"version": "18.20.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "20.18.1",
"status": "affected",
"version": "20.18.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "22.13.0",
"status": "affected",
"version": "22.13.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "23.6.0",
"status": "affected",
"version": "23.6.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions.\r\n\r\nThis vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T07:09:25.804Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-23085",
"datePublished": "2025-02-07T07:09:25.804Z",
"dateReserved": "2025-01-10T19:05:52.771Z",
"dateUpdated": "2025-02-07T15:57:11.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-23085\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2025-02-07T07:15:15.810\",\"lastModified\":\"2025-02-07T16:15:40.523\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions.\\r\\n\\r\\nThis vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-401\"}]}],\"references\":[{\"url\":\"https://nodejs.org/en/blog/vulnerability/january-2025-security-releases\",\"source\":\"support@hackerone.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-23085\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-07T15:50:24.935972Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-401\", \"description\": \"CWE-401 Missing Release of Memory after Effective Lifetime\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-07T15:50:27.384Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\"}}], \"affected\": [{\"vendor\": \"nodejs\", \"product\": \"node\", \"versions\": [{\"status\": \"affected\", \"version\": \"18.20.5\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"18.20.5\"}, {\"status\": \"affected\", \"version\": \"20.18.1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"20.18.1\"}, {\"status\": \"affected\", \"version\": \"22.13.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"22.13.0\"}, {\"status\": \"affected\", \"version\": \"23.6.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"23.6.0\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://nodejs.org/en/blog/vulnerability/january-2025-security-releases\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions.\\r\\n\\r\\nThis vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.\"}], \"providerMetadata\": {\"orgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"shortName\": \"hackerone\", \"dateUpdated\": \"2025-02-07T07:09:25.804Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-23085\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-07T15:57:11.221Z\", \"dateReserved\": \"2025-01-10T19:05:52.771Z\", \"assignerOrgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"datePublished\": \"2025-02-07T07:09:25.804Z\", \"assignerShortName\": \"hackerone\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
fkie_cve-2025-23085
Vulnerability from fkie_nvd
Published
2025-02-07 07:15
Modified
2025-02-07 16:15
Severity ?
Summary
A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions.
This vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions.\r\n\r\nThis vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x."
},
{
"lang": "es",
"value": "Se podr\u00eda producir una p\u00e9rdida de memoria cuando un par remoto cierra abruptamente el socket sin enviar una notificaci\u00f3n GOAWAY. Adem\u00e1s, si nghttp2 detectaba un encabezado no v\u00e1lido, lo que hac\u00eda que el par terminara la conexi\u00f3n, se activaba la misma p\u00e9rdida. Esta falla podr\u00eda provocar un mayor consumo de memoria y una posible denegaci\u00f3n de servicio en determinadas condiciones. Esta vulnerabilidad afecta a los usuarios del servidor HTTP/2 en Node.js v18.x, v20.x, v22.x y v23.x."
}
],
"id": "CVE-2025-23085",
"lastModified": "2025-02-07T16:15:40.523",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "support@hackerone.com",
"type": "Secondary"
}
]
},
"published": "2025-02-07T07:15:15.810",
"references": [
{
"source": "support@hackerone.com",
"url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
rhsa-2025:1446
Vulnerability from csaf_redhat
Published
2025-02-13 16:03
Modified
2025-02-17 20:02
Summary
Red Hat Security Advisory: nodejs:18 security update
Notes
Topic
An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)
* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)\n\n* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:1446",
"url": "https://access.redhat.com/errata/RHSA-2025:1446"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1446.json"
}
],
"title": "Red Hat Security Advisory: nodejs:18 security update",
"tracking": {
"current_release_date": "2025-02-17T20:02:11+00:00",
"generator": {
"date": "2025-02-17T20:02:11+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.3.1"
}
},
"id": "RHSA-2025:1446",
"initial_release_date": "2025-02-13T16:03:15+00:00",
"revision_history": [
{
"date": "2025-02-13T16:03:15+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-02-13T16:03:15+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-02-17T20:02:11+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs:18:9050020250206154514:rhel9",
"product": {
"name": "nodejs:18:9050020250206154514:rhel9",
"product_id": "nodejs:18:9050020250206154514:rhel9",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/nodejs@18:9050020250206154514:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-docs-1:18.20.6-1.module+el9.5.0+22773+9a359385.noarch",
"product": {
"name": "nodejs-docs-1:18.20.6-1.module+el9.5.0+22773+9a359385.noarch",
"product_id": "nodejs-docs-1:18.20.6-1.module+el9.5.0+22773+9a359385.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.noarch",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.noarch",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"product_id": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.5.0%2B22773%2B9a359385?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"product": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel9.5.0%2B22773%2B9a359385?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.src",
"product": {
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.src",
"product_id": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.src",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.src",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=src"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.src",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.src",
"product_id": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.5.0%2B22773%2B9a359385?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"product": {
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"product_id": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"product": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"product_id": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"product": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"product_id": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"product": {
"name": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"product_id": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"product": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"product_id": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64",
"product": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64",
"product_id": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.18.20.6.1.module%2Bel9.5.0%2B22773%2B9a359385?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"product": {
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"product_id": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"product": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"product_id": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"product": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"product_id": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"product": {
"name": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"product_id": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"product": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"product_id": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le",
"product": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le",
"product_id": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.18.20.6.1.module%2Bel9.5.0%2B22773%2B9a359385?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"product": {
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"product_id": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"product": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"product_id": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"product": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"product_id": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"product": {
"name": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"product_id": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"product": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"product_id": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x",
"product": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x",
"product_id": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.18.20.6.1.module%2Bel9.5.0%2B22773%2B9a359385?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"product": {
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"product_id": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"product": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"product_id": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"product": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"product_id": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"product": {
"name": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"product_id": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"product": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"product_id": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64",
"product": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64",
"product_id": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.18.20.6.1.module%2Bel9.5.0%2B22773%2B9a359385?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
"product_reference": "nodejs:18:9050020250206154514:rhel9",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64 as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64"
},
"product_reference": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le"
},
"product_reference": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x"
},
"product_reference": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.src as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.src"
},
"product_reference": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.src",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64 as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64"
},
"product_reference": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64 as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64"
},
"product_reference": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le"
},
"product_reference": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x"
},
"product_reference": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64 as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64"
},
"product_reference": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64 as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64"
},
"product_reference": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le"
},
"product_reference": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x"
},
"product_reference": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64 as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64"
},
"product_reference": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64 as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64"
},
"product_reference": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le"
},
"product_reference": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x"
},
"product_reference": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64 as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64"
},
"product_reference": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:18.20.6-1.module+el9.5.0+22773+9a359385.noarch as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-docs-1:18.20.6-1.module+el9.5.0+22773+9a359385.noarch"
},
"product_reference": "nodejs-docs-1:18.20.6-1.module+el9.5.0+22773+9a359385.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64 as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64"
},
"product_reference": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le"
},
"product_reference": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x"
},
"product_reference": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64 as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64"
},
"product_reference": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.noarch as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.noarch"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.src as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.src"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.src",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.src as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.src"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.src",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch"
},
"product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64 as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64"
},
"product_reference": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le"
},
"product_reference": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x"
},
"product_reference": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64 as a component of nodejs:18:9050020250206154514:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64"
},
"product_reference": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22150",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2025-01-21T18:01:24.182126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339176"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici Uses Insufficiently Random Values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-docs-1:18.20.6-1.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "RHBZ#2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f",
"url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113",
"url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0",
"url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a",
"url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385",
"url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/2913312",
"url": "https://hackerone.com/reports/2913312"
}
],
"release_date": "2025-01-21T17:46:58.872000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-13T16:03:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-docs-1:18.20.6-1.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1446"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-docs-1:18.20.6-1.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici Uses Insufficiently Random Values"
},
{
"cve": "CVE-2025-23085",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-01-28T17:23:01.915000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2342618"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-docs-1:18.20.6-1.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23085"
},
{
"category": "external",
"summary": "RHBZ#2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085"
}
],
"release_date": "2025-01-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-13T16:03:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-docs-1:18.20.6-1.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1446"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation for this issue other than updating to the package version which contains the fix.",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-docs-1:18.20.6-1.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-docs-1:18.20.6-1.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.src",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:18:9050020250206154514:rhel9:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap"
}
]
}
rhsa-2025:1351
Vulnerability from csaf_redhat
Published
2025-02-12 15:32
Modified
2025-02-17 20:11
Summary
Red Hat Security Advisory: nodejs:20 security update
Notes
Topic
An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)
* nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)
* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)\n\n* nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)\n\n* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:1351",
"url": "https://access.redhat.com/errata/RHSA-2025:1351"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "2339392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392"
},
{
"category": "external",
"summary": "2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1351.json"
}
],
"title": "Red Hat Security Advisory: nodejs:20 security update",
"tracking": {
"current_release_date": "2025-02-17T20:11:00+00:00",
"generator": {
"date": "2025-02-17T20:11:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.3.1"
}
},
"id": "RHSA-2025:1351",
"initial_release_date": "2025-02-12T15:32:22+00:00",
"revision_history": [
{
"date": "2025-02-12T15:32:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-02-12T15:32:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-02-17T20:11:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs:20:8100020250203134842:489197e6",
"product": {
"name": "nodejs:20:8100020250203134842:489197e6",
"product_id": "nodejs:20:8100020250203134842:489197e6",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/nodejs@20:8100020250203134842:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"product": {
"name": "nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"product_id": "nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"product_id": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"product": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"product": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"product_id": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=src"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"product_id": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product_id": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product_id": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product_id": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product": {
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product_id": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product_id": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"product": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"product_id": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product_id": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product_id": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product_id": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product": {
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product_id": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product_id": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"product": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"product_id": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product_id": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product_id": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product_id": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product": {
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product_id": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product_id": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"product": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"product_id": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product_id": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product_id": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product_id": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product": {
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product_id": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product_id": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64",
"product": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64",
"product_id": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
"product_reference": "nodejs:20:8100020250203134842:489197e6",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64 as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64"
},
"product_reference": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le"
},
"product_reference": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x"
},
"product_reference": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src"
},
"product_reference": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64 as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64"
},
"product_reference": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64 as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64"
},
"product_reference": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le"
},
"product_reference": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x"
},
"product_reference": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64 as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64"
},
"product_reference": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64 as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64"
},
"product_reference": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le"
},
"product_reference": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x"
},
"product_reference": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64 as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64"
},
"product_reference": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64 as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64"
},
"product_reference": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le"
},
"product_reference": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x"
},
"product_reference": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64 as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64"
},
"product_reference": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch"
},
"product_reference": "nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64 as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64"
},
"product_reference": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le"
},
"product_reference": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x"
},
"product_reference": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64 as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64"
},
"product_reference": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch"
},
"product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64 as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64"
},
"product_reference": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le"
},
"product_reference": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x"
},
"product_reference": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64 as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64"
},
"product_reference": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22150",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2025-01-21T18:01:24.182126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339176"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici Uses Insufficiently Random Values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "RHBZ#2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f",
"url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113",
"url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0",
"url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a",
"url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385",
"url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/2913312",
"url": "https://hackerone.com/reports/2913312"
}
],
"release_date": "2025-01-21T17:46:58.872000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-12T15:32:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1351"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici Uses Insufficiently Random Values"
},
{
"cve": "CVE-2025-23083",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2025-01-22T02:00:43.830080+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339392"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23083"
},
{
"category": "external",
"summary": "RHBZ#2339392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases"
}
],
"release_date": "2025-01-22T01:11:30.802000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-12T15:32:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1351"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel"
},
{
"cve": "CVE-2025-23085",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-01-28T17:23:01.915000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2342618"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23085"
},
{
"category": "external",
"summary": "RHBZ#2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085"
}
],
"release_date": "2025-01-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-12T15:32:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1351"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation for this issue other than updating to the package version which contains the fix.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap"
}
]
}
rhsa-2025:1611
Vulnerability from csaf_redhat
Published
2025-02-17 18:04
Modified
2025-02-17 20:11
Summary
Red Hat Security Advisory: nodejs:22 security update
Notes
Topic
An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)
* nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)
* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)\n\n* nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)\n\n* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:1611",
"url": "https://access.redhat.com/errata/RHSA-2025:1611"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "2339392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392"
},
{
"category": "external",
"summary": "2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1611.json"
}
],
"title": "Red Hat Security Advisory: nodejs:22 security update",
"tracking": {
"current_release_date": "2025-02-17T20:11:27+00:00",
"generator": {
"date": "2025-02-17T20:11:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.3.1"
}
},
"id": "RHSA-2025:1611",
"initial_release_date": "2025-02-17T18:04:26+00:00",
"revision_history": [
{
"date": "2025-02-17T18:04:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-02-17T18:04:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-02-17T20:11:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs:22:8100020250130144944:6d880403",
"product": {
"name": "nodejs:22:8100020250130144944:6d880403",
"product_id": "nodejs:22:8100020250130144944:6d880403",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/nodejs@22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"product": {
"name": "nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"product_id": "nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"product_id": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.10.0%2B22759%2B46b58560?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"product": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel8.10.0%2B22759%2B46b58560?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"product": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"product_id": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=src"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"product_id": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.10.0%2B22759%2B46b58560?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_id": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_id": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_id": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product": {
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_id": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_id": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product": {
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_id": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_id": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"product": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"product_id": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=3"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_id": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_id": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_id": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product": {
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_id": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_id": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product": {
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_id": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_id": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"product": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"product_id": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=3"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_id": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_id": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_id": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product": {
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_id": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_id": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product": {
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_id": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_id": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"product": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"product_id": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=3"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_id": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_id": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_id": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product": {
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_id": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_id": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product": {
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_id": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_id": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"product": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"product_id": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=3"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
"product_reference": "nodejs:22:8100020250130144944:6d880403",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64"
},
"product_reference": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le"
},
"product_reference": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x"
},
"product_reference": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src"
},
"product_reference": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64"
},
"product_reference": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64"
},
"product_reference": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le"
},
"product_reference": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x"
},
"product_reference": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64"
},
"product_reference": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64"
},
"product_reference": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le"
},
"product_reference": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x"
},
"product_reference": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64"
},
"product_reference": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64"
},
"product_reference": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le"
},
"product_reference": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x"
},
"product_reference": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64"
},
"product_reference": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch"
},
"product_reference": "nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64"
},
"product_reference": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le"
},
"product_reference": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x"
},
"product_reference": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64"
},
"product_reference": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64"
},
"product_reference": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le"
},
"product_reference": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x"
},
"product_reference": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64"
},
"product_reference": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64"
},
"product_reference": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le"
},
"product_reference": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x"
},
"product_reference": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64"
},
"product_reference": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch"
},
"product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64"
},
"product_reference": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le"
},
"product_reference": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x"
},
"product_reference": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64"
},
"product_reference": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22150",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2025-01-21T18:01:24.182126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339176"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici Uses Insufficiently Random Values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "RHBZ#2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f",
"url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113",
"url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0",
"url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a",
"url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385",
"url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/2913312",
"url": "https://hackerone.com/reports/2913312"
}
],
"release_date": "2025-01-21T17:46:58.872000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-17T18:04:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1611"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici Uses Insufficiently Random Values"
},
{
"cve": "CVE-2025-23083",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2025-01-22T02:00:43.830080+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339392"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23083"
},
{
"category": "external",
"summary": "RHBZ#2339392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases"
}
],
"release_date": "2025-01-22T01:11:30.802000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-17T18:04:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1611"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel"
},
{
"cve": "CVE-2025-23085",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-01-28T17:23:01.915000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2342618"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23085"
},
{
"category": "external",
"summary": "RHBZ#2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085"
}
],
"release_date": "2025-01-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-17T18:04:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1611"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation for this issue other than updating to the package version which contains the fix.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap"
}
]
}
rhsa-2025:1443
Vulnerability from csaf_redhat
Published
2025-02-13 15:42
Modified
2025-02-17 20:11
Summary
Red Hat Security Advisory: nodejs:20 security update
Notes
Topic
An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)
* nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)
* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)\n\n* nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)\n\n* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:1443",
"url": "https://access.redhat.com/errata/RHSA-2025:1443"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "2339392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392"
},
{
"category": "external",
"summary": "2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1443.json"
}
],
"title": "Red Hat Security Advisory: nodejs:20 security update",
"tracking": {
"current_release_date": "2025-02-17T20:11:13+00:00",
"generator": {
"date": "2025-02-17T20:11:13+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.3.1"
}
},
"id": "RHSA-2025:1443",
"initial_release_date": "2025-02-13T15:42:45+00:00",
"revision_history": [
{
"date": "2025-02-13T15:42:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-02-13T15:42:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-02-17T20:11:13+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs:20:9050020250130114516:rhel9",
"product": {
"name": "nodejs:20:9050020250130114516:rhel9",
"product_id": "nodejs:20:9050020250130114516:rhel9",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/nodejs@20:9050020250130114516:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"product": {
"name": "nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"product_id": "nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.3.0.z%2B20478%2B84a9f781?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"product_id": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.3.0%2B19518%2B63aad52d?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"product": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel9.3.0%2B19518%2B63aad52d?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"product": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"product_id": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.3.0.z%2B20478%2B84a9f781?arch=src"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"product_id": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.3.0%2B19518%2B63aad52d?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product_id": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product_id": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product_id": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product_id": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product_id": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"product": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"product_id": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product_id": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product_id": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product_id": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product_id": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product_id": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product_id": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product_id": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product_id": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product_id": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product_id": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product_id": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"product": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"product_id": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product_id": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product_id": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product_id": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product_id": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product_id": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64",
"product": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64",
"product_id": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
"product_reference": "nodejs:20:9050020250130114516:rhel9",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64 as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64"
},
"product_reference": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le"
},
"product_reference": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x"
},
"product_reference": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src"
},
"product_reference": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64 as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64"
},
"product_reference": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64 as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64"
},
"product_reference": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le"
},
"product_reference": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x"
},
"product_reference": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64 as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64"
},
"product_reference": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64 as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64"
},
"product_reference": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le"
},
"product_reference": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x"
},
"product_reference": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64 as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64"
},
"product_reference": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64 as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64"
},
"product_reference": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le"
},
"product_reference": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x"
},
"product_reference": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64 as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64"
},
"product_reference": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch"
},
"product_reference": "nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64 as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64"
},
"product_reference": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le"
},
"product_reference": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x"
},
"product_reference": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64 as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64"
},
"product_reference": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch"
},
"product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64 as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64"
},
"product_reference": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le"
},
"product_reference": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x"
},
"product_reference": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64 as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64"
},
"product_reference": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22150",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2025-01-21T18:01:24.182126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339176"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici Uses Insufficiently Random Values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "RHBZ#2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f",
"url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113",
"url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0",
"url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a",
"url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385",
"url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/2913312",
"url": "https://hackerone.com/reports/2913312"
}
],
"release_date": "2025-01-21T17:46:58.872000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-13T15:42:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1443"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici Uses Insufficiently Random Values"
},
{
"cve": "CVE-2025-23083",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2025-01-22T02:00:43.830080+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339392"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23083"
},
{
"category": "external",
"summary": "RHBZ#2339392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases"
}
],
"release_date": "2025-01-22T01:11:30.802000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-13T15:42:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1443"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel"
},
{
"cve": "CVE-2025-23085",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-01-28T17:23:01.915000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2342618"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23085"
},
{
"category": "external",
"summary": "RHBZ#2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085"
}
],
"release_date": "2025-01-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-13T15:42:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1443"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation for this issue other than updating to the package version which contains the fix.",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap"
}
]
}
rhsa-2025:1582
Vulnerability from csaf_redhat
Published
2025-02-17 12:52
Modified
2025-02-17 20:02
Summary
Red Hat Security Advisory: nodejs:18 security update
Notes
Topic
An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)
* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)\n\n* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:1582",
"url": "https://access.redhat.com/errata/RHSA-2025:1582"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1582.json"
}
],
"title": "Red Hat Security Advisory: nodejs:18 security update",
"tracking": {
"current_release_date": "2025-02-17T20:02:20+00:00",
"generator": {
"date": "2025-02-17T20:02:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.3.1"
}
},
"id": "RHSA-2025:1582",
"initial_release_date": "2025-02-17T12:52:35+00:00",
"revision_history": [
{
"date": "2025-02-17T12:52:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-02-17T12:52:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-02-17T20:02:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs:18:8100020250207121904:489197e6",
"product": {
"name": "nodejs:18:8100020250207121904:489197e6",
"product_id": "nodejs:18:8100020250207121904:489197e6",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/nodejs@18:8100020250207121904:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-docs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch",
"product": {
"name": "nodejs-docs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch",
"product_id": "nodejs-docs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.10.0%2B21159%2Bf5a7145d?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"product_id": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.9.0%2B19439%2B7b18b275?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"product": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel8.9.0%2B19439%2B7b18b275?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.src",
"product": {
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.src",
"product_id": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.src",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.src",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.10.0%2B21159%2Bf5a7145d?arch=src"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.src",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.src",
"product_id": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.9.0%2B19439%2B7b18b275?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"product": {
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"product_id": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"product": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"product_id": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"product": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"product_id": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"product": {
"name": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"product_id": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"product": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"product_id": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64",
"product": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64",
"product_id": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.18.20.6.1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"product": {
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"product_id": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"product": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"product_id": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"product": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"product_id": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"product": {
"name": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"product_id": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"product": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"product_id": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le",
"product": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le",
"product_id": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.18.20.6.1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"product": {
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"product_id": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"product": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"product_id": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"product": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"product_id": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"product": {
"name": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"product_id": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"product": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"product_id": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x",
"product": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x",
"product_id": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.18.20.6.1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"product": {
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"product_id": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"product": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"product_id": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"product": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"product_id": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"product": {
"name": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"product_id": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"product": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"product_id": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64",
"product": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64",
"product_id": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.18.20.6.1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
"product_reference": "nodejs:18:8100020250207121904:489197e6",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64 as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64"
},
"product_reference": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le"
},
"product_reference": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x"
},
"product_reference": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.src as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.src"
},
"product_reference": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64 as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64"
},
"product_reference": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64 as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64"
},
"product_reference": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le"
},
"product_reference": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x"
},
"product_reference": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64 as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64"
},
"product_reference": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64 as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64"
},
"product_reference": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le"
},
"product_reference": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x"
},
"product_reference": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64 as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64"
},
"product_reference": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64 as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64"
},
"product_reference": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le"
},
"product_reference": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x"
},
"product_reference": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64 as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64"
},
"product_reference": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-docs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch"
},
"product_reference": "nodejs-docs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64 as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64"
},
"product_reference": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le"
},
"product_reference": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x"
},
"product_reference": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64 as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64"
},
"product_reference": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.src as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.src"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.src as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.src"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch"
},
"product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64 as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64"
},
"product_reference": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le"
},
"product_reference": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x"
},
"product_reference": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64 as a component of nodejs:18:8100020250207121904:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64"
},
"product_reference": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22150",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2025-01-21T18:01:24.182126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339176"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici Uses Insufficiently Random Values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-docs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "RHBZ#2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f",
"url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113",
"url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0",
"url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a",
"url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385",
"url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/2913312",
"url": "https://hackerone.com/reports/2913312"
}
],
"release_date": "2025-01-21T17:46:58.872000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-17T12:52:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-docs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1582"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-docs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici Uses Insufficiently Random Values"
},
{
"cve": "CVE-2025-23085",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-01-28T17:23:01.915000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2342618"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-docs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23085"
},
{
"category": "external",
"summary": "RHBZ#2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085"
}
],
"release_date": "2025-01-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-17T12:52:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-docs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1582"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation for this issue other than updating to the package version which contains the fix.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-docs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-docs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:18:8100020250207121904:489197e6:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap"
}
]
}
rhsa-2025:1613
Vulnerability from csaf_redhat
Published
2025-02-17 19:21
Modified
2025-02-18 01:56
Summary
Red Hat Security Advisory: nodejs:22 security update
Notes
Topic
An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)
* nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)
* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)\n\n* nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)\n\n* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:1613",
"url": "https://access.redhat.com/errata/RHSA-2025:1613"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "2339392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392"
},
{
"category": "external",
"summary": "2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1613.json"
}
],
"title": "Red Hat Security Advisory: nodejs:22 security update",
"tracking": {
"current_release_date": "2025-02-18T01:56:19+00:00",
"generator": {
"date": "2025-02-18T01:56:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.3.1"
}
},
"id": "RHSA-2025:1613",
"initial_release_date": "2025-02-17T19:21:42+00:00",
"revision_history": [
{
"date": "2025-02-17T19:21:42+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-02-17T19:21:42+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-02-18T01:56:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs:22:9050020250131131518:rhel9",
"product": {
"name": "nodejs:22:9050020250131131518:rhel9",
"product_id": "nodejs:22:9050020250131131518:rhel9",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/nodejs@22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"product": {
"name": "nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"product_id": "nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"product_id": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.5.0%2B22763%2B17233acb?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"product": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel9.5.0%2B22763%2B17233acb?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"product": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"product_id": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=src"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"product_id": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.5.0%2B22763%2B17233acb?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_id": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_id": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_id": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product": {
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_id": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_id": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product": {
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_id": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_id": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"product": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"product_id": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=3"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_id": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_id": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_id": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product": {
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_id": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_id": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product": {
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_id": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_id": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"product": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"product_id": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=3"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_id": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_id": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_id": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product": {
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_id": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_id": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product": {
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_id": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_id": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"product": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"product_id": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=3"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_id": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_id": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_id": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product": {
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_id": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_id": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product": {
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_id": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_id": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"product": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"product_id": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=3"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
"product_reference": "nodejs:22:9050020250131131518:rhel9",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64"
},
"product_reference": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le"
},
"product_reference": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x"
},
"product_reference": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src"
},
"product_reference": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64"
},
"product_reference": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64"
},
"product_reference": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le"
},
"product_reference": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x"
},
"product_reference": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64"
},
"product_reference": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64"
},
"product_reference": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le"
},
"product_reference": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x"
},
"product_reference": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64"
},
"product_reference": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64"
},
"product_reference": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le"
},
"product_reference": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x"
},
"product_reference": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64"
},
"product_reference": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch"
},
"product_reference": "nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64"
},
"product_reference": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le"
},
"product_reference": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x"
},
"product_reference": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64"
},
"product_reference": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64"
},
"product_reference": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le"
},
"product_reference": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x"
},
"product_reference": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64"
},
"product_reference": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64"
},
"product_reference": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le"
},
"product_reference": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x"
},
"product_reference": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64"
},
"product_reference": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch"
},
"product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64"
},
"product_reference": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le"
},
"product_reference": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x"
},
"product_reference": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64"
},
"product_reference": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22150",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2025-01-21T18:01:24.182126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339176"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici Uses Insufficiently Random Values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "RHBZ#2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f",
"url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113",
"url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0",
"url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a",
"url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385",
"url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/2913312",
"url": "https://hackerone.com/reports/2913312"
}
],
"release_date": "2025-01-21T17:46:58.872000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-17T19:21:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1613"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici Uses Insufficiently Random Values"
},
{
"cve": "CVE-2025-23083",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2025-01-22T02:00:43.830080+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339392"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23083"
},
{
"category": "external",
"summary": "RHBZ#2339392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases"
}
],
"release_date": "2025-01-22T01:11:30.802000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-17T19:21:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1613"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel"
},
{
"cve": "CVE-2025-23085",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-01-28T17:23:01.915000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2342618"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23085"
},
{
"category": "external",
"summary": "RHBZ#2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085"
}
],
"release_date": "2025-01-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-17T19:21:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1613"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation for this issue other than updating to the package version which contains the fix.",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap"
}
]
}
ghsa-qv9x-c8c9-rpr8
Vulnerability from github
Published
2025-02-07 09:31
Modified
2025-02-07 09:31
Severity ?
Details
A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions.
This vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.
{
"affected": [],
"aliases": [
"CVE-2025-23085"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-07T07:15:15Z",
"severity": "MODERATE"
},
"details": "A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions.\n\nThis vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.",
"id": "GHSA-qv9x-c8c9-rpr8",
"modified": "2025-02-07T09:31:51Z",
"published": "2025-02-07T09:31:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085"
},
{
"type": "WEB",
"url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.