{"id":"MGASA-2023-0299","summary":"Updated nodejs packages fix security vulnerabilities","details":"This is a security release. The following CVEs are fixed in this\nrelease:\n\nCVE-2023-44487: nghttp2 Security Release (High)\nCVE-2023-45143: undici Security Release (High)\nCVE-2023-38552: Integrity checks according to policies can be\ncircumvented (Medium)\nCVE-2023-39333: Code injection via WebAssembly export names (Low)\n\nMore detailed information on each of the vulnerabilities can be found in\nOctober 2023 Security Releases blog post.\n","modified":"2026-02-04T03:45:32.578003Z","published":"2023-10-22T21:04:51Z","related":["CVE-2023-38552","CVE-2023-39333","CVE-2023-44487","CVE-2023-45143"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0299.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=32403"},{"type":"REPORT","url":"https://github.com/nodejs/node/releases/tag/v18.18.2"},{"type":"REPORT","url":"https://github.com/nodejs/node/releases/tag/v18.18.1"},{"type":"REPORT","url":"https://nodejs.org/en/blog/vulnerability/october-2023-security-releases"}],"affected":[{"package":{"name":"nodejs","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/nodejs?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"18.18.2-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0299.json"}},{"package":{"name":"yarnpkg","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/yarnpkg?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.22.19-14.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0299.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}