Action not permitted
Modal body text goes here.
cve-2025-23083
Vulnerability from cvelistv5
Published
2025-01-22 01:11
Modified
2025-04-30 22:25
Severity ?
EPSS score ?
Summary
With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage.
This vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23083",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T04:55:27.327533Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T14:09:06.805Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-02-28T13:07:33.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250228-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Node",
"vendor": "NodeJS",
"versions": [
{
"lessThan": "4.*",
"status": "affected",
"version": "4.0",
"versionType": "semver"
},
{
"lessThan": "5.*",
"status": "affected",
"version": "5.0",
"versionType": "semver"
},
{
"lessThan": "6.*",
"status": "affected",
"version": "6.0",
"versionType": "semver"
},
{
"lessThan": "7.*",
"status": "affected",
"version": "7.0",
"versionType": "semver"
},
{
"lessThan": "8.*",
"status": "affected",
"version": "8.0",
"versionType": "semver"
},
{
"lessThan": "9.*",
"status": "affected",
"version": "9.0",
"versionType": "semver"
},
{
"lessThan": "10.*",
"status": "affected",
"version": "10.0",
"versionType": "semver"
},
{
"lessThan": "11.*",
"status": "affected",
"version": "11.0",
"versionType": "semver"
},
{
"lessThan": "12.*",
"status": "affected",
"version": "12.0",
"versionType": "semver"
},
{
"lessThan": "13.*",
"status": "affected",
"version": "13.0",
"versionType": "semver"
},
{
"lessThan": "14.*",
"status": "affected",
"version": "14.0",
"versionType": "semver"
},
{
"lessThan": "15.*",
"status": "affected",
"version": "15.0",
"versionType": "semver"
},
{
"lessThan": "16.*",
"status": "affected",
"version": "16.0",
"versionType": "semver"
},
{
"lessThan": "17.*",
"status": "affected",
"version": "17.0",
"versionType": "semver"
},
{
"lessThan": "19.*",
"status": "affected",
"version": "19.0",
"versionType": "semver"
},
{
"lessThan": "20.18.2",
"status": "affected",
"version": "20.0",
"versionType": "semver"
},
{
"lessThan": "21.*",
"status": "affected",
"version": "21.0",
"versionType": "semver"
},
{
"lessThan": "22.13.1",
"status": "affected",
"version": "22.0",
"versionType": "semver"
},
{
"lessThan": "23.6.1",
"status": "affected",
"version": "23.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. \r\n\r\nThis vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T22:25:22.434Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-23083",
"datePublished": "2025-01-22T01:11:30.802Z",
"dateReserved": "2025-01-10T19:05:52.771Z",
"dateUpdated": "2025-04-30T22:25:22.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-23083\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2025-01-22T02:15:33.930\",\"lastModified\":\"2025-02-28T13:15:28.213\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. \\r\\n\\r\\nThis vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.\"},{\"lang\":\"es\",\"value\":\"Con la ayuda de la utilidad diagnostics_channel, se puede conectar un evento cada vez que se crea un subproceso de trabajo. Esto no se limita solo a los trabajadores, sino que tambi\u00e9n expone a los trabajadores internos, donde se puede obtener una instancia de ellos y se puede obtener su constructor y restablecerlo para un uso malintencionado. Esta vulnerabilidad afecta a los usuarios del modelo de permisos (--permission) en Node.js v20, v22 y v23.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":7.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.5,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"references\":[{\"url\":\"https://nodejs.org/en/blog/vulnerability/january-2025-security-releases\",\"source\":\"support@hackerone.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20250228-0008/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
rhsa-2025_1443
Vulnerability from csaf_redhat
Published
2025-02-13 15:42
Modified
2025-02-28 01:58
Summary
Red Hat Security Advisory: nodejs:20 security update
Notes
Topic
An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)
* nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)
* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)\n\n* nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)\n\n* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:1443",
"url": "https://access.redhat.com/errata/RHSA-2025:1443"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "2339392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392"
},
{
"category": "external",
"summary": "2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1443.json"
}
],
"title": "Red Hat Security Advisory: nodejs:20 security update",
"tracking": {
"current_release_date": "2025-02-28T01:58:35+00:00",
"generator": {
"date": "2025-02-28T01:58:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.3.1"
}
},
"id": "RHSA-2025:1443",
"initial_release_date": "2025-02-13T15:42:45+00:00",
"revision_history": [
{
"date": "2025-02-13T15:42:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-02-13T15:42:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-02-28T01:58:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs:20:9050020250130114516:rhel9",
"product": {
"name": "nodejs:20:9050020250130114516:rhel9",
"product_id": "nodejs:20:9050020250130114516:rhel9",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/nodejs@20:9050020250130114516:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"product": {
"name": "nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"product_id": "nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.3.0.z%2B20478%2B84a9f781?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"product_id": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.3.0%2B19518%2B63aad52d?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"product": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel9.3.0%2B19518%2B63aad52d?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"product": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"product_id": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.3.0.z%2B20478%2B84a9f781?arch=src"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"product_id": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.3.0%2B19518%2B63aad52d?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product_id": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product_id": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product_id": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product_id": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product_id": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"product": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"product_id": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product_id": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product_id": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product_id": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product_id": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product_id": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product_id": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product_id": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product_id": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product_id": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product_id": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product_id": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"product": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"product_id": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product_id": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product_id": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product_id": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product_id": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product_id": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64",
"product": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64",
"product_id": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
"product_reference": "nodejs:20:9050020250130114516:rhel9",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64 as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64"
},
"product_reference": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le"
},
"product_reference": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x"
},
"product_reference": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src"
},
"product_reference": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64 as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64"
},
"product_reference": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64 as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64"
},
"product_reference": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le"
},
"product_reference": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x"
},
"product_reference": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64 as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64"
},
"product_reference": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64 as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64"
},
"product_reference": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le"
},
"product_reference": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x"
},
"product_reference": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64 as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64"
},
"product_reference": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64 as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64"
},
"product_reference": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le"
},
"product_reference": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x"
},
"product_reference": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64 as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64"
},
"product_reference": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch"
},
"product_reference": "nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64 as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64"
},
"product_reference": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le"
},
"product_reference": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x"
},
"product_reference": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64 as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64"
},
"product_reference": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch"
},
"product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64 as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64"
},
"product_reference": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le"
},
"product_reference": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x"
},
"product_reference": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64 as a component of nodejs:20:9050020250130114516:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64"
},
"product_reference": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22150",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2025-01-21T18:01:24.182126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339176"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici Uses Insufficiently Random Values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "RHBZ#2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f",
"url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113",
"url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0",
"url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a",
"url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385",
"url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/2913312",
"url": "https://hackerone.com/reports/2913312"
}
],
"release_date": "2025-01-21T17:46:58.872000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-13T15:42:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1443"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici Uses Insufficiently Random Values"
},
{
"cve": "CVE-2025-23083",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2025-01-22T02:00:43.830080+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339392"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because the diagnostics_channel utility, allowing attackers to hook into events triggered when a worker thread is created. This not only exposes user-defined workers but also internal workers, enabling the attacker to retrieve instances and potentially capture and reinstate their constructors for malicious purposes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23083"
},
{
"category": "external",
"summary": "RHBZ#2339392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases"
}
],
"release_date": "2025-01-22T01:11:30.802000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-13T15:42:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1443"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel"
},
{
"cve": "CVE-2025-23085",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-01-28T17:23:01.915000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2342618"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23085"
},
{
"category": "external",
"summary": "RHBZ#2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085"
}
],
"release_date": "2025-01-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-13T15:42:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1443"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation for this issue other than updating to the package version which contains the fix.",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:20:9050020250130114516:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap"
}
]
}
rhsa-2025_1351
Vulnerability from csaf_redhat
Published
2025-02-12 15:32
Modified
2025-02-28 01:58
Summary
Red Hat Security Advisory: nodejs:20 security update
Notes
Topic
An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)
* nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)
* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)\n\n* nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)\n\n* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:1351",
"url": "https://access.redhat.com/errata/RHSA-2025:1351"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "2339392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392"
},
{
"category": "external",
"summary": "2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1351.json"
}
],
"title": "Red Hat Security Advisory: nodejs:20 security update",
"tracking": {
"current_release_date": "2025-02-28T01:58:30+00:00",
"generator": {
"date": "2025-02-28T01:58:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.3.1"
}
},
"id": "RHSA-2025:1351",
"initial_release_date": "2025-02-12T15:32:22+00:00",
"revision_history": [
{
"date": "2025-02-12T15:32:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-02-12T15:32:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-02-28T01:58:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs:20:8100020250203134842:489197e6",
"product": {
"name": "nodejs:20:8100020250203134842:489197e6",
"product_id": "nodejs:20:8100020250203134842:489197e6",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/nodejs@20:8100020250203134842:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"product": {
"name": "nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"product_id": "nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"product_id": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"product": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"product": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"product_id": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=src"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"product_id": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product_id": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product_id": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product_id": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product": {
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product_id": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product_id": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"product": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"product_id": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product_id": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product_id": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product_id": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product": {
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product_id": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product_id": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"product": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"product_id": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product_id": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product_id": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product_id": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product": {
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product_id": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product_id": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"product": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"product_id": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product_id": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product_id": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product_id": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product": {
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product_id": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product_id": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64",
"product": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64",
"product_id": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
"product_reference": "nodejs:20:8100020250203134842:489197e6",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64 as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64"
},
"product_reference": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le"
},
"product_reference": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x"
},
"product_reference": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src"
},
"product_reference": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64 as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64"
},
"product_reference": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64 as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64"
},
"product_reference": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le"
},
"product_reference": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x"
},
"product_reference": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64 as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64"
},
"product_reference": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64 as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64"
},
"product_reference": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le"
},
"product_reference": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x"
},
"product_reference": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64 as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64"
},
"product_reference": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64 as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64"
},
"product_reference": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le"
},
"product_reference": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x"
},
"product_reference": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64 as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64"
},
"product_reference": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch"
},
"product_reference": "nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64 as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64"
},
"product_reference": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le"
},
"product_reference": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x"
},
"product_reference": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64 as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64"
},
"product_reference": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch"
},
"product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64 as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64"
},
"product_reference": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le"
},
"product_reference": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x"
},
"product_reference": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64 as a component of nodejs:20:8100020250203134842:489197e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64"
},
"product_reference": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22150",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2025-01-21T18:01:24.182126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339176"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici Uses Insufficiently Random Values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "RHBZ#2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f",
"url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113",
"url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0",
"url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a",
"url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385",
"url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/2913312",
"url": "https://hackerone.com/reports/2913312"
}
],
"release_date": "2025-01-21T17:46:58.872000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-12T15:32:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1351"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici Uses Insufficiently Random Values"
},
{
"cve": "CVE-2025-23083",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2025-01-22T02:00:43.830080+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339392"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because the diagnostics_channel utility, allowing attackers to hook into events triggered when a worker thread is created. This not only exposes user-defined workers but also internal workers, enabling the attacker to retrieve instances and potentially capture and reinstate their constructors for malicious purposes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23083"
},
{
"category": "external",
"summary": "RHBZ#2339392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases"
}
],
"release_date": "2025-01-22T01:11:30.802000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-12T15:32:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1351"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel"
},
{
"cve": "CVE-2025-23085",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-01-28T17:23:01.915000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2342618"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23085"
},
{
"category": "external",
"summary": "RHBZ#2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085"
}
],
"release_date": "2025-01-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-12T15:32:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1351"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation for this issue other than updating to the package version which contains the fix.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:20:8100020250203134842:489197e6:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap"
}
]
}
rhsa-2025_1611
Vulnerability from csaf_redhat
Published
2025-02-17 18:04
Modified
2025-02-28 01:58
Summary
Red Hat Security Advisory: nodejs:22 security update
Notes
Topic
An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)
* nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)
* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)\n\n* nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)\n\n* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:1611",
"url": "https://access.redhat.com/errata/RHSA-2025:1611"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "2339392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392"
},
{
"category": "external",
"summary": "2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1611.json"
}
],
"title": "Red Hat Security Advisory: nodejs:22 security update",
"tracking": {
"current_release_date": "2025-02-28T01:58:56+00:00",
"generator": {
"date": "2025-02-28T01:58:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.3.1"
}
},
"id": "RHSA-2025:1611",
"initial_release_date": "2025-02-17T18:04:26+00:00",
"revision_history": [
{
"date": "2025-02-17T18:04:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-02-17T18:04:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-02-28T01:58:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs:22:8100020250130144944:6d880403",
"product": {
"name": "nodejs:22:8100020250130144944:6d880403",
"product_id": "nodejs:22:8100020250130144944:6d880403",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/nodejs@22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"product": {
"name": "nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"product_id": "nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"product_id": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.10.0%2B22759%2B46b58560?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"product": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel8.10.0%2B22759%2B46b58560?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"product": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"product_id": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=src"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"product_id": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.10.0%2B22759%2B46b58560?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_id": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_id": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_id": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product": {
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_id": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_id": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product": {
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_id": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_id": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"product": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"product_id": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=3"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_id": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_id": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_id": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product": {
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_id": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_id": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product": {
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_id": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_id": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"product": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"product_id": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=3"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_id": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_id": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_id": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product": {
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_id": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_id": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product": {
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_id": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_id": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"product": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"product_id": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=3"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_id": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_id": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_id": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product": {
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_id": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_id": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product": {
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_id": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_id": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"product": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"product_id": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=3"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
"product_reference": "nodejs:22:8100020250130144944:6d880403",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64"
},
"product_reference": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le"
},
"product_reference": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x"
},
"product_reference": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src"
},
"product_reference": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64"
},
"product_reference": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64"
},
"product_reference": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le"
},
"product_reference": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x"
},
"product_reference": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64"
},
"product_reference": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64"
},
"product_reference": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le"
},
"product_reference": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x"
},
"product_reference": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64"
},
"product_reference": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64"
},
"product_reference": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le"
},
"product_reference": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x"
},
"product_reference": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64"
},
"product_reference": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch"
},
"product_reference": "nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64"
},
"product_reference": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le"
},
"product_reference": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x"
},
"product_reference": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64"
},
"product_reference": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64"
},
"product_reference": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le"
},
"product_reference": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x"
},
"product_reference": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64"
},
"product_reference": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64"
},
"product_reference": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le"
},
"product_reference": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x"
},
"product_reference": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64"
},
"product_reference": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch"
},
"product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64"
},
"product_reference": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le"
},
"product_reference": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x"
},
"product_reference": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64"
},
"product_reference": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64 as a component of nodejs:22:8100020250130144944:6d880403 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22150",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2025-01-21T18:01:24.182126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339176"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici Uses Insufficiently Random Values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "RHBZ#2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f",
"url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113",
"url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0",
"url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a",
"url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385",
"url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/2913312",
"url": "https://hackerone.com/reports/2913312"
}
],
"release_date": "2025-01-21T17:46:58.872000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-17T18:04:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1611"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici Uses Insufficiently Random Values"
},
{
"cve": "CVE-2025-23083",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2025-01-22T02:00:43.830080+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339392"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because the diagnostics_channel utility, allowing attackers to hook into events triggered when a worker thread is created. This not only exposes user-defined workers but also internal workers, enabling the attacker to retrieve instances and potentially capture and reinstate their constructors for malicious purposes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23083"
},
{
"category": "external",
"summary": "RHBZ#2339392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases"
}
],
"release_date": "2025-01-22T01:11:30.802000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-17T18:04:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1611"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel"
},
{
"cve": "CVE-2025-23085",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-01-28T17:23:01.915000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2342618"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23085"
},
{
"category": "external",
"summary": "RHBZ#2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085"
}
],
"release_date": "2025-01-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-17T18:04:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1611"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation for this issue other than updating to the package version which contains the fix.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs:22:8100020250130144944:6d880403:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap"
}
]
}
rhsa-2025_1522
Vulnerability from csaf_redhat
Published
2025-02-17 04:50
Modified
2025-02-28 01:58
Summary
Red Hat Security Advisory: nodejs:20 security update
Notes
Topic
An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:1522",
"url": "https://access.redhat.com/errata/RHSA-2025:1522"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2339392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1522.json"
}
],
"title": "Red Hat Security Advisory: nodejs:20 security update",
"tracking": {
"current_release_date": "2025-02-28T01:58:46+00:00",
"generator": {
"date": "2025-02-28T01:58:46+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.3.1"
}
},
"id": "RHSA-2025:1522",
"initial_release_date": "2025-02-17T04:50:14+00:00",
"revision_history": [
{
"date": "2025-02-17T04:50:14+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-02-17T04:50:14+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-02-28T01:58:46+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs:20:9040020250211134231:rhel9",
"product": {
"name": "nodejs:20:9040020250211134231:rhel9",
"product_id": "nodejs:20:9040020250211134231:rhel9",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/nodejs@20:9040020250211134231:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-docs-1:20.18.2-1.module+el9.4.0+22789+7c201776.noarch",
"product": {
"name": "nodejs-docs-1:20.18.2-1.module+el9.4.0+22789+7c201776.noarch",
"product_id": "nodejs-docs-1:20.18.2-1.module+el9.4.0+22789+7c201776.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@20.18.2-1.module%2Bel9.4.0%2B22789%2B7c201776?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.3.0.z%2B20478%2B84a9f781?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"product_id": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.3.0%2B19518%2B63aad52d?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"product": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel9.3.0%2B19518%2B63aad52d?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.src",
"product": {
"name": "nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.src",
"product_id": "nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel9.4.0%2B22789%2B7c201776?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.3.0.z%2B20478%2B84a9f781?arch=src"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"product_id": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.3.0%2B19518%2B63aad52d?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64",
"product": {
"name": "nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64",
"product_id": "nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel9.4.0%2B22789%2B7c201776?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64",
"product": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64",
"product_id": "nodejs-debuginfo-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel9.4.0%2B22789%2B7c201776?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64",
"product": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64",
"product_id": "nodejs-debugsource-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel9.4.0%2B22789%2B7c201776?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64",
"product": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64",
"product_id": "nodejs-devel-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel9.4.0%2B22789%2B7c201776?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64",
"product": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64",
"product_id": "nodejs-full-i18n-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel9.4.0%2B22789%2B7c201776?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.4.0+22789+7c201776.aarch64",
"product": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.4.0+22789+7c201776.aarch64",
"product_id": "npm-1:10.8.2-1.20.18.2.1.module+el9.4.0+22789+7c201776.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel9.4.0%2B22789%2B7c201776?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le",
"product": {
"name": "nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le",
"product_id": "nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel9.4.0%2B22789%2B7c201776?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le",
"product": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le",
"product_id": "nodejs-debuginfo-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel9.4.0%2B22789%2B7c201776?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le",
"product": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le",
"product_id": "nodejs-debugsource-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel9.4.0%2B22789%2B7c201776?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le",
"product": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le",
"product_id": "nodejs-devel-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel9.4.0%2B22789%2B7c201776?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le",
"product": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le",
"product_id": "nodejs-full-i18n-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel9.4.0%2B22789%2B7c201776?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.4.0+22789+7c201776.ppc64le",
"product": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.4.0+22789+7c201776.ppc64le",
"product_id": "npm-1:10.8.2-1.20.18.2.1.module+el9.4.0+22789+7c201776.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel9.4.0%2B22789%2B7c201776?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x",
"product": {
"name": "nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x",
"product_id": "nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel9.4.0%2B22789%2B7c201776?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x",
"product": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x",
"product_id": "nodejs-debuginfo-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel9.4.0%2B22789%2B7c201776?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x",
"product": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x",
"product_id": "nodejs-debugsource-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel9.4.0%2B22789%2B7c201776?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x",
"product": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x",
"product_id": "nodejs-devel-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel9.4.0%2B22789%2B7c201776?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x",
"product": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x",
"product_id": "nodejs-full-i18n-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel9.4.0%2B22789%2B7c201776?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.4.0+22789+7c201776.s390x",
"product": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.4.0+22789+7c201776.s390x",
"product_id": "npm-1:10.8.2-1.20.18.2.1.module+el9.4.0+22789+7c201776.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel9.4.0%2B22789%2B7c201776?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64",
"product": {
"name": "nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64",
"product_id": "nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel9.4.0%2B22789%2B7c201776?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64",
"product": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64",
"product_id": "nodejs-debuginfo-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel9.4.0%2B22789%2B7c201776?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64",
"product": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64",
"product_id": "nodejs-debugsource-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel9.4.0%2B22789%2B7c201776?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64",
"product": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64",
"product_id": "nodejs-devel-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel9.4.0%2B22789%2B7c201776?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64",
"product": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64",
"product_id": "nodejs-full-i18n-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel9.4.0%2B22789%2B7c201776?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.4.0+22789+7c201776.x86_64",
"product": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.4.0+22789+7c201776.x86_64",
"product_id": "npm-1:10.8.2-1.20.18.2.1.module+el9.4.0+22789+7c201776.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel9.4.0%2B22789%2B7c201776?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs:20:9040020250211134231:rhel9 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9"
},
"product_reference": "nodejs:20:9040020250211134231:rhel9",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64 as a component of nodejs:20:9040020250211134231:rhel9 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64"
},
"product_reference": "nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le as a component of nodejs:20:9040020250211134231:rhel9 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le"
},
"product_reference": "nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x as a component of nodejs:20:9040020250211134231:rhel9 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x"
},
"product_reference": "nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.src as a component of nodejs:20:9040020250211134231:rhel9 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.src"
},
"product_reference": "nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64 as a component of nodejs:20:9040020250211134231:rhel9 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64"
},
"product_reference": "nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64 as a component of nodejs:20:9040020250211134231:rhel9 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64"
},
"product_reference": "nodejs-debuginfo-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le as a component of nodejs:20:9040020250211134231:rhel9 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le"
},
"product_reference": "nodejs-debuginfo-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x as a component of nodejs:20:9040020250211134231:rhel9 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x"
},
"product_reference": "nodejs-debuginfo-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64 as a component of nodejs:20:9040020250211134231:rhel9 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64"
},
"product_reference": "nodejs-debuginfo-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64 as a component of nodejs:20:9040020250211134231:rhel9 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64"
},
"product_reference": "nodejs-debugsource-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le as a component of nodejs:20:9040020250211134231:rhel9 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le"
},
"product_reference": "nodejs-debugsource-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x as a component of nodejs:20:9040020250211134231:rhel9 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x"
},
"product_reference": "nodejs-debugsource-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64 as a component of nodejs:20:9040020250211134231:rhel9 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64"
},
"product_reference": "nodejs-debugsource-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64 as a component of nodejs:20:9040020250211134231:rhel9 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-devel-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64"
},
"product_reference": "nodejs-devel-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le as a component of nodejs:20:9040020250211134231:rhel9 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-devel-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le"
},
"product_reference": "nodejs-devel-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x as a component of nodejs:20:9040020250211134231:rhel9 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-devel-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x"
},
"product_reference": "nodejs-devel-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64 as a component of nodejs:20:9040020250211134231:rhel9 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-devel-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64"
},
"product_reference": "nodejs-devel-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:20.18.2-1.module+el9.4.0+22789+7c201776.noarch as a component of nodejs:20:9040020250211134231:rhel9 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-docs-1:20.18.2-1.module+el9.4.0+22789+7c201776.noarch"
},
"product_reference": "nodejs-docs-1:20.18.2-1.module+el9.4.0+22789+7c201776.noarch",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64 as a component of nodejs:20:9040020250211134231:rhel9 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64"
},
"product_reference": "nodejs-full-i18n-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le as a component of nodejs:20:9040020250211134231:rhel9 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le"
},
"product_reference": "nodejs-full-i18n-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x as a component of nodejs:20:9040020250211134231:rhel9 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x"
},
"product_reference": "nodejs-full-i18n-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64 as a component of nodejs:20:9040020250211134231:rhel9 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64"
},
"product_reference": "nodejs-full-i18n-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch as a component of nodejs:20:9040020250211134231:rhel9 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src as a component of nodejs:20:9040020250211134231:rhel9 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch as a component of nodejs:20:9040020250211134231:rhel9 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src as a component of nodejs:20:9040020250211134231:rhel9 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch as a component of nodejs:20:9040020250211134231:rhel9 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch"
},
"product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.4.0+22789+7c201776.aarch64 as a component of nodejs:20:9040020250211134231:rhel9 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.4.0+22789+7c201776.aarch64"
},
"product_reference": "npm-1:10.8.2-1.20.18.2.1.module+el9.4.0+22789+7c201776.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.4.0+22789+7c201776.ppc64le as a component of nodejs:20:9040020250211134231:rhel9 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.4.0+22789+7c201776.ppc64le"
},
"product_reference": "npm-1:10.8.2-1.20.18.2.1.module+el9.4.0+22789+7c201776.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.4.0+22789+7c201776.s390x as a component of nodejs:20:9040020250211134231:rhel9 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.4.0+22789+7c201776.s390x"
},
"product_reference": "npm-1:10.8.2-1.20.18.2.1.module+el9.4.0+22789+7c201776.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.4.0+22789+7c201776.x86_64 as a component of nodejs:20:9040020250211134231:rhel9 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.4.0+22789+7c201776.x86_64"
},
"product_reference": "npm-1:10.8.2-1.20.18.2.1.module+el9.4.0+22789+7c201776.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-23083",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2025-01-22T02:00:43.830080+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339392"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because the diagnostics_channel utility, allowing attackers to hook into events triggered when a worker thread is created. This not only exposes user-defined workers but also internal workers, enabling the attacker to retrieve instances and potentially capture and reinstate their constructors for malicious purposes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.src",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-devel-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-devel-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-devel-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-devel-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-docs-1:20.18.2-1.module+el9.4.0+22789+7c201776.noarch",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.4.0+22789+7c201776.aarch64",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.4.0+22789+7c201776.ppc64le",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.4.0+22789+7c201776.s390x",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.4.0+22789+7c201776.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23083"
},
{
"category": "external",
"summary": "RHBZ#2339392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases"
}
],
"release_date": "2025-01-22T01:11:30.802000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-17T04:50:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.src",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-devel-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-devel-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-devel-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-devel-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-docs-1:20.18.2-1.module+el9.4.0+22789+7c201776.noarch",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.4.0+22789+7c201776.aarch64",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.4.0+22789+7c201776.ppc64le",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.4.0+22789+7c201776.s390x",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.4.0+22789+7c201776.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1522"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.src",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-debuginfo-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-debugsource-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-devel-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-devel-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-devel-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-devel-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-docs-1:20.18.2-1.module+el9.4.0+22789+7c201776.noarch",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.4.0+22789+7c201776.aarch64",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.4.0+22789+7c201776.ppc64le",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.4.0+22789+7c201776.s390x",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-full-i18n-1:20.18.2-1.module+el9.4.0+22789+7c201776.x86_64",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.4.0+22789+7c201776.aarch64",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.4.0+22789+7c201776.ppc64le",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.4.0+22789+7c201776.s390x",
"AppStream-9.4.0.Z.EUS:nodejs:20:9040020250211134231:rhel9:npm-1:10.8.2-1.20.18.2.1.module+el9.4.0+22789+7c201776.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel"
}
]
}
rhsa-2025_1613
Vulnerability from csaf_redhat
Published
2025-02-17 19:21
Modified
2025-02-28 01:58
Summary
Red Hat Security Advisory: nodejs:22 security update
Notes
Topic
An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)
* nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)
* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)\n\n* nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)\n\n* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:1613",
"url": "https://access.redhat.com/errata/RHSA-2025:1613"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "2339392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392"
},
{
"category": "external",
"summary": "2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1613.json"
}
],
"title": "Red Hat Security Advisory: nodejs:22 security update",
"tracking": {
"current_release_date": "2025-02-28T01:58:50+00:00",
"generator": {
"date": "2025-02-28T01:58:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.3.1"
}
},
"id": "RHSA-2025:1613",
"initial_release_date": "2025-02-17T19:21:42+00:00",
"revision_history": [
{
"date": "2025-02-17T19:21:42+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-02-17T19:21:42+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-02-28T01:58:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs:22:9050020250131131518:rhel9",
"product": {
"name": "nodejs:22:9050020250131131518:rhel9",
"product_id": "nodejs:22:9050020250131131518:rhel9",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/nodejs@22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"product": {
"name": "nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"product_id": "nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"product_id": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.5.0%2B22763%2B17233acb?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"product": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel9.5.0%2B22763%2B17233acb?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"product": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"product_id": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=src"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"product_id": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.5.0%2B22763%2B17233acb?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_id": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_id": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_id": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product": {
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_id": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_id": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product": {
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_id": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_id": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"product": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"product_id": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=3"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_id": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_id": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_id": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product": {
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_id": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_id": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product": {
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_id": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_id": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"product": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"product_id": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=3"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_id": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_id": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_id": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product": {
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_id": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_id": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product": {
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_id": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_id": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"product": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"product_id": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=3"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_id": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_id": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_id": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product": {
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_id": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_id": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product": {
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_id": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_id": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"product": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"product_id": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=3"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
"product_reference": "nodejs:22:9050020250131131518:rhel9",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64"
},
"product_reference": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le"
},
"product_reference": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x"
},
"product_reference": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src"
},
"product_reference": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64"
},
"product_reference": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64"
},
"product_reference": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le"
},
"product_reference": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x"
},
"product_reference": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64"
},
"product_reference": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64"
},
"product_reference": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le"
},
"product_reference": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x"
},
"product_reference": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64"
},
"product_reference": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64"
},
"product_reference": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le"
},
"product_reference": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x"
},
"product_reference": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64"
},
"product_reference": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch"
},
"product_reference": "nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64"
},
"product_reference": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le"
},
"product_reference": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x"
},
"product_reference": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64"
},
"product_reference": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64"
},
"product_reference": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le"
},
"product_reference": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x"
},
"product_reference": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64"
},
"product_reference": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64"
},
"product_reference": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le"
},
"product_reference": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x"
},
"product_reference": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64"
},
"product_reference": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch"
},
"product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64"
},
"product_reference": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le"
},
"product_reference": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x"
},
"product_reference": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64"
},
"product_reference": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64 as a component of nodejs:22:9050020250131131518:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22150",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2025-01-21T18:01:24.182126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339176"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici Uses Insufficiently Random Values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "RHBZ#2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f",
"url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113",
"url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0",
"url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a",
"url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385",
"url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/2913312",
"url": "https://hackerone.com/reports/2913312"
}
],
"release_date": "2025-01-21T17:46:58.872000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-17T19:21:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1613"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici Uses Insufficiently Random Values"
},
{
"cve": "CVE-2025-23083",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2025-01-22T02:00:43.830080+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339392"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because the diagnostics_channel utility, allowing attackers to hook into events triggered when a worker thread is created. This not only exposes user-defined workers but also internal workers, enabling the attacker to retrieve instances and potentially capture and reinstate their constructors for malicious purposes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23083"
},
{
"category": "external",
"summary": "RHBZ#2339392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases"
}
],
"release_date": "2025-01-22T01:11:30.802000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-17T19:21:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1613"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel"
},
{
"cve": "CVE-2025-23085",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-01-28T17:23:01.915000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2342618"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23085"
},
{
"category": "external",
"summary": "RHBZ#2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085"
}
],
"release_date": "2025-01-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-17T19:21:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1613"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation for this issue other than updating to the package version which contains the fix.",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x",
"AppStream-9.5.0.Z.MAIN:nodejs:22:9050020250131131518:rhel9:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap"
}
]
}
ghsa-wv7p-rjf3-9fr5
Vulnerability from github
Published
2025-01-22 03:30
Modified
2025-02-28 15:30
Severity ?
Details
With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage.
This vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.
{
"affected": [],
"aliases": [
"CVE-2025-23083"
],
"database_specific": {
"cwe_ids": [
"CWE-284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-22T02:15:33Z",
"severity": "HIGH"
},
"details": "With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. \n\nThis vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.",
"id": "GHSA-wv7p-rjf3-9fr5",
"modified": "2025-02-28T15:30:59Z",
"published": "2025-01-22T03:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083"
},
{
"type": "WEB",
"url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20250228-0008"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.