Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-15606 (GCVE-0-2019-15606)
Vulnerability from cvelistv5 – Published: 2020-02-07 14:58 – Updated: 2025-04-30 22:24
VLAI?
EPSS
Summary
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons
Severity ?
No CVSS data available.
CWE
- CWE-20 - Improper Input Validation (CWE-20)
Assigner
References
16 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NodeJS | Node |
Affected:
4.0 , < 4.*
(semver)
Affected: 5.0 , < 5.* (semver) Affected: 6.0 , < 6.* (semver) Affected: 7.0 , < 7.* (semver) Affected: 8.0 , < 8.* (semver) Affected: 9.0 , < 9.* (semver) Affected: 10.0 , < 10.19.0 (semver) Affected: 11.0 , < 11.* (semver) Affected: 12.0 , < 12.15.0 (semver) Affected: 13.0 , < 13.8.0 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:49:13.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2020:0573",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0573"
},
{
"name": "RHSA-2020:0579",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0579"
},
{
"name": "RHSA-2020:0597",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0597"
},
{
"name": "RHSA-2020:0598",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0598"
},
{
"name": "RHSA-2020:0602",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0602"
},
{
"name": "openSUSE-SU-2020:0293",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html"
},
{
"name": "GLSA-202003-48",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-48"
},
{
"name": "DSA-4669",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4669"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nodejs.org/en/blog/release/v13.8.0/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nodejs.org/en/blog/release/v10.19.0/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nodejs.org/en/blog/release/v12.15.0/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200221-0004/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/730779"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Node",
"vendor": "NodeJS",
"versions": [
{
"lessThan": "4.*",
"status": "affected",
"version": "4.0",
"versionType": "semver"
},
{
"lessThan": "5.*",
"status": "affected",
"version": "5.0",
"versionType": "semver"
},
{
"lessThan": "6.*",
"status": "affected",
"version": "6.0",
"versionType": "semver"
},
{
"lessThan": "7.*",
"status": "affected",
"version": "7.0",
"versionType": "semver"
},
{
"lessThan": "8.*",
"status": "affected",
"version": "8.0",
"versionType": "semver"
},
{
"lessThan": "9.*",
"status": "affected",
"version": "9.0",
"versionType": "semver"
},
{
"lessThan": "10.19.0",
"status": "affected",
"version": "10.0",
"versionType": "semver"
},
{
"lessThan": "11.*",
"status": "affected",
"version": "11.0",
"versionType": "semver"
},
{
"lessThan": "12.15.0",
"status": "affected",
"version": "12.0",
"versionType": "semver"
},
{
"lessThan": "13.8.0",
"status": "affected",
"version": "13.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation (CWE-20)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T22:24:24.274Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"name": "RHSA-2020:0573",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0573"
},
{
"name": "RHSA-2020:0579",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0579"
},
{
"name": "RHSA-2020:0597",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0597"
},
{
"name": "RHSA-2020:0598",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0598"
},
{
"name": "RHSA-2020:0602",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0602"
},
{
"name": "openSUSE-SU-2020:0293",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html"
},
{
"name": "GLSA-202003-48",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-48"
},
{
"name": "DSA-4669",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4669"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nodejs.org/en/blog/release/v13.8.0/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nodejs.org/en/blog/release/v10.19.0/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nodejs.org/en/blog/release/v12.15.0/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200221-0004/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/730779"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2019-15606",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/nodejs/node",
"version": {
"version_data": [
{
"version_value": "10.19.0, 12.15.0, 13.8.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation (CWE-20)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2020:0573",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0573"
},
{
"name": "RHSA-2020:0579",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0579"
},
{
"name": "RHSA-2020:0597",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0597"
},
{
"name": "RHSA-2020:0598",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0598"
},
{
"name": "RHSA-2020:0602",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0602"
},
{
"name": "openSUSE-SU-2020:0293",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html"
},
{
"name": "GLSA-202003-48",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-48"
},
{
"name": "DSA-4669",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4669"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://nodejs.org/en/blog/release/v13.8.0/",
"refsource": "CONFIRM",
"url": "https://nodejs.org/en/blog/release/v13.8.0/"
},
{
"name": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/",
"refsource": "CONFIRM",
"url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/"
},
{
"name": "https://nodejs.org/en/blog/release/v10.19.0/",
"refsource": "CONFIRM",
"url": "https://nodejs.org/en/blog/release/v10.19.0/"
},
{
"name": "https://nodejs.org/en/blog/release/v12.15.0/",
"refsource": "CONFIRM",
"url": "https://nodejs.org/en/blog/release/v12.15.0/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200221-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200221-0004/"
},
{
"name": "https://hackerone.com/reports/730779",
"refsource": "MISC",
"url": "https://hackerone.com/reports/730779"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2019-15606",
"datePublished": "2020-02-07T14:58:08.000Z",
"dateReserved": "2019-08-26T00:00:00.000Z",
"dateUpdated": "2025-04-30T22:24:24.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-15606",
"date": "2026-05-21",
"epss": "0.01338",
"percentile": "0.80214"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*\", \"versionStartIncluding\": \"10.0.0\", \"versionEndExcluding\": \"10.19.0\", \"matchCriteriaId\": \"E92EC0A2-0C04-4226-8905-5F580DF41F82\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*\", \"versionStartIncluding\": \"12.0.0\", \"versionEndExcluding\": \"12.15.0\", \"matchCriteriaId\": \"BA72B481-FA0B-473E-8E23-F0FC3D4C57F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndExcluding\": \"13.8.0\", \"matchCriteriaId\": \"D5B70848-F6C3-4131-8A91-6BA3379ED646\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E47FBC8E-1C21-4448-8C59-4D48F08B151B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:graalvm:19.3.1:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"52D0A602-6044-4D93-9E67-4B24BE3BAD0E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:graalvm:20.0.0:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"ED734878-EBEA-418E-88A0-0C30AAB477E2\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4CFF558-3C47-480D-A2F0-BABF26042943\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"92BC9265-6959-4D37-BE5E-8C45E98992F8\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons\"}, {\"lang\": \"es\", \"value\": \"Una inclusi\\u00f3n de espacios en blanco finales en los valores de encabezado HTTP en Nodejs versiones 10, 12 y 13, causa una omisi\\u00f3n de autorizaci\\u00f3n seg\\u00fan las comparaciones de valores de encabezado.\"}]",
"id": "CVE-2019-15606",
"lastModified": "2024-11-21T04:29:07.063",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2020-02-07T15:15:11.413",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html\", \"source\": \"support@hackerone.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0573\", \"source\": \"support@hackerone.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0579\", \"source\": \"support@hackerone.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0597\", \"source\": \"support@hackerone.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0598\", \"source\": \"support@hackerone.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0602\", \"source\": \"support@hackerone.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://hackerone.com/reports/730779\", \"source\": \"support@hackerone.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://nodejs.org/en/blog/release/v10.19.0/\", \"source\": \"support@hackerone.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://nodejs.org/en/blog/release/v12.15.0/\", \"source\": \"support@hackerone.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://nodejs.org/en/blog/release/v13.8.0/\", \"source\": \"support@hackerone.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/\", \"source\": \"support@hackerone.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202003-48\", \"source\": \"support@hackerone.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200221-0004/\", \"source\": \"support@hackerone.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4669\", \"source\": \"support@hackerone.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com//security-alerts/cpujul2021.html\", \"source\": \"support@hackerone.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"source\": \"support@hackerone.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0573\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0579\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0597\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0598\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0602\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://hackerone.com/reports/730779\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://nodejs.org/en/blog/release/v10.19.0/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://nodejs.org/en/blog/release/v12.15.0/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://nodejs.org/en/blog/release/v13.8.0/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202003-48\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200221-0004/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4669\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com//security-alerts/cpujul2021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"support@hackerone.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-15606\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2020-02-07T15:15:11.413\",\"lastModified\":\"2024-11-21T04:29:07.063\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons\"},{\"lang\":\"es\",\"value\":\"Una inclusi\u00f3n de espacios en blanco finales en los valores de encabezado HTTP en Nodejs versiones 10, 12 y 13, causa una omisi\u00f3n de autorizaci\u00f3n seg\u00fan las comparaciones de valores de encabezado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.19.0\",\"matchCriteriaId\":\"E92EC0A2-0C04-4226-8905-5F580DF41F82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndExcluding\":\"12.15.0\",\"matchCriteriaId\":\"BA72B481-FA0B-473E-8E23-F0FC3D4C57F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndExcluding\":\"13.8.0\",\"matchCriteriaId\":\"D5B70848-F6C3-4131-8A91-6BA3379ED646\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E47FBC8E-1C21-4448-8C59-4D48F08B151B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:19.3.1:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"52D0A602-6044-4D93-9E67-4B24BE3BAD0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:20.0.0:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"ED734878-EBEA-418E-88A0-0C30AAB477E2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92BC9265-6959-4D37-BE5E-8C45E98992F8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html\",\"source\":\"support@hackerone.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0573\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0579\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0597\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0598\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0602\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://hackerone.com/reports/730779\",\"source\":\"support@hackerone.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://nodejs.org/en/blog/release/v10.19.0/\",\"source\":\"support@hackerone.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://nodejs.org/en/blog/release/v12.15.0/\",\"source\":\"support@hackerone.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://nodejs.org/en/blog/release/v13.8.0/\",\"source\":\"support@hackerone.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/\",\"source\":\"support@hackerone.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202003-48\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20200221-0004/\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4669\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0573\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0579\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0597\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0598\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0602\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://hackerone.com/reports/730779\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://nodejs.org/en/blog/release/v10.19.0/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://nodejs.org/en/blog/release/v12.15.0/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://nodejs.org/en/blog/release/v13.8.0/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202003-48\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20200221-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4669\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
alsa-2020:0579
Vulnerability from osv_almalinux
Published
2020-02-25 07:57
Modified
2020-02-25 07:57
Summary
Important: nodejs:10 security update
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: nodejs (10.19.0).
Security Fix(es):
-
nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605)
-
nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string (CVE-2019-15604)
-
nodejs: HTTP header values do not have trailing optional whitespace trimmed (CVE-2019-15606)
-
npm: Symlink reference outside of node_modules folder through the bin field upon installation (CVE-2019-16775)
-
npm: Arbitrary file write via constructed entry in the package.json bin field (CVE-2019-16776)
-
npm: Global node_modules Binary Overwrite (CVE-2019-16777)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-nodemon"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.3-1.module_el8.3.0+2023+d2377ea3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-nodemon"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.3-1.module_el8.3.0+2047+b07ac28e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-packaging"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17-3.module_el8.4.0+2224+b07ac28e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-packaging"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17-3.module_el8.4.0+2521+c668cc9f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-packaging"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17-3.module_el8.3.0+2023+d2377ea3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.\n\nThe following packages have been upgraded to a later upstream version: nodejs (10.19.0).\n\nSecurity Fix(es):\n\n* nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605)\n\n* nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string (CVE-2019-15604)\n\n* nodejs: HTTP header values do not have trailing optional whitespace trimmed (CVE-2019-15606)\n\n* npm: Symlink reference outside of node_modules folder through the bin field upon installation (CVE-2019-16775)\n\n* npm: Arbitrary file write via constructed entry in the package.json bin field (CVE-2019-16776)\n\n* npm: Global node_modules Binary Overwrite (CVE-2019-16777)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2020:0579",
"modified": "2020-02-25T07:57:02Z",
"published": "2020-02-25T07:57:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2020-0579.html"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-15604"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-15605"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-15606"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-16775"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-16776"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-16777"
}
],
"related": [
"CVE-2019-15605",
"CVE-2019-15604",
"CVE-2019-15606",
"CVE-2019-16775",
"CVE-2019-16776",
"CVE-2019-16777"
],
"summary": "Important: nodejs:10 security update"
}
alsa-2020:0598
Vulnerability from osv_almalinux
Published
2020-02-25 13:06
Modified
2020-02-25 13:06
Summary
Important: nodejs:12 security update
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: nodejs (12.16.1).
Security Fix(es):
-
nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605)
-
nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string (CVE-2019-15604)
-
nodejs: HTTP header values do not have trailing optional whitespace trimmed (CVE-2019-15606)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |
|---|---|---|
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-nodemon"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.3-1.module_el8.3.0+2023+d2377ea3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-nodemon"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.3-1.module_el8.3.0+2047+b07ac28e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-packaging"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17-3.module_el8.4.0+2224+b07ac28e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-packaging"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17-3.module_el8.4.0+2521+c668cc9f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-packaging"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17-3.module_el8.3.0+2023+d2377ea3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.\n\nThe following packages have been upgraded to a later upstream version: nodejs (12.16.1).\n\nSecurity Fix(es):\n\n* nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605)\n\n* nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string (CVE-2019-15604)\n\n* nodejs: HTTP header values do not have trailing optional whitespace trimmed (CVE-2019-15606)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2020:0598",
"modified": "2020-02-25T13:06:23Z",
"published": "2020-02-25T13:06:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2020-0598.html"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-15604"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-15605"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-15606"
}
],
"related": [
"CVE-2019-15605",
"CVE-2019-15604",
"CVE-2019-15606"
],
"summary": "Important: nodejs:12 security update"
}
BDU:2020-02545
Vulnerability from fstec - Published: 06.02.2020
VLAI Severity ?
Title
Уязвимость программной платформы Node.js, связанная с недостаточной проверкой вводимых данных при обработке заголовков HTTP, позволяющая нарушителю получить полный контроль над приложением
Description
Уязвимость программной платформы Node.js связана с недостаточной проверкой вводимых данных при обработке заголовков HTTP. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить полный контроль над приложением с помощью многочисленных сетевых протоколов
Severity ?
Vendor
Red Hat Inc., Novell Inc., Сообщество свободного программного обеспечения, Node.js Foundation, Oracle Corp., АО «ИВК»
Software Name
Red Hat Enterprise Linux, OpenSUSE Leap, Debian GNU/Linux, Node.js, GraalVM Enterprise Edition, Альт 8 СП (запись в едином реестре российских программ №4305)
Software Version
8 (Red Hat Enterprise Linux), 15.1 (OpenSUSE Leap), 10 (Debian GNU/Linux), от 10.0.0 до 10.19.0 (Node.js), от 12.0.0 до 12.15.0 (Node.js), от 13.0.0 до 13.8.0 (Node.js), 19.3.1 (GraalVM Enterprise Edition), 20.0.0 (GraalVM Enterprise Edition), - (Альт 8 СП)
Possible Mitigations
Использование рекомендаций:
Обновление для Node.js:
https://nodejs.org/en/blog/release/v10.19.0/
https://nodejs.org/en/blog/release/v12.15.0/
https://nodejs.org/en/blog/release/v13.8.0/
https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/
Для OpenSUSE:
https://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html
Для Oracle:
https://www.oracle.com/security-alerts/cpuapr2020.html
Для Debian GNU/Linux:
https://www.debian.org/security/2020/dsa-4669
Для Red Hat:
https://access.redhat.com/security/cve/CVE-2019-15606?extIdCarryOver=true&sc_cid=701f2000001OH7JAAW
Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства
Reference
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html
https://access.redhat.com/errata/RHSA-2020:0573
https://access.redhat.com/errata/RHSA-2020:0579
https://access.redhat.com/errata/RHSA-2020:0597
https://access.redhat.com/errata/RHSA-2020:0598
https://access.redhat.com/errata/RHSA-2020:0602
https://hackerone.com/reports/730779
https://nodejs.org/en/blog/release/v10.19.0/
https://nodejs.org/en/blog/release/v12.15.0/
https://nodejs.org/en/blog/release/v13.8.0/
https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/
https://security.gentoo.org/glsa/202003-48
https://security.netapp.com/advisory/ntap-20200221-0004/
https://www.debian.org/security/2020/dsa-4669
https://www.oracle.com/security-alerts/cpuapr2020.html
https://altsp.su/obnovleniya-bezopasnosti/
CWE
CWE-20, CWE-138, CWE-863
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., Novell Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Node.js Foundation, Oracle Corp., \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "8 (Red Hat Enterprise Linux), 15.1 (OpenSUSE Leap), 10 (Debian GNU/Linux), \u043e\u0442 10.0.0 \u0434\u043e 10.19.0 (Node.js), \u043e\u0442 12.0.0 \u0434\u043e 12.15.0 (Node.js), \u043e\u0442 13.0.0 \u0434\u043e 13.8.0 (Node.js), 19.3.1 (GraalVM Enterprise Edition), 20.0.0 (GraalVM Enterprise Edition), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f Node.js:\nhttps://nodejs.org/en/blog/release/v10.19.0/\nhttps://nodejs.org/en/blog/release/v12.15.0/\nhttps://nodejs.org/en/blog/release/v13.8.0/\nhttps://nodejs.org/en/blog/vulnerability/february-2020-security-releases/\n\n\u0414\u043b\u044f OpenSUSE:\nhttps://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html\n\n\u0414\u043b\u044f Oracle:\nhttps://www.oracle.com/security-alerts/cpuapr2020.html\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://www.debian.org/security/2020/dsa-4669\n\n\u0414\u043b\u044f Red Hat:\nhttps://access.redhat.com/security/cve/CVE-2019-15606?extIdCarryOver=true\u0026sc_cid=701f2000001OH7JAAW\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "06.02.2020",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "02.06.2020",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-02545",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-15606",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, OpenSUSE Leap, Debian GNU/Linux, Node.js, GraalVM Enterprise Edition, \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 8 , Novell Inc. OpenSUSE Leap 15.1 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b\u00a0Node.js, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043a\u043e\u0432 HTTP, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u043e\u043b\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435\u043c",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20), \u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0435 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432 (CWE-138), \u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u0430\u044f \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u044f (CWE-863)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Node.js \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043a\u043e\u0432 HTTP. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u043e\u043b\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435\u043c \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043c\u043d\u043e\u0433\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u0432",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html \nhttps://access.redhat.com/errata/RHSA-2020:0573 \nhttps://access.redhat.com/errata/RHSA-2020:0579 \nhttps://access.redhat.com/errata/RHSA-2020:0597 \nhttps://access.redhat.com/errata/RHSA-2020:0598 \nhttps://access.redhat.com/errata/RHSA-2020:0602 \nhttps://hackerone.com/reports/730779 \nhttps://nodejs.org/en/blog/release/v10.19.0/ \nhttps://nodejs.org/en/blog/release/v12.15.0/ \nhttps://nodejs.org/en/blog/release/v13.8.0/ \nhttps://nodejs.org/en/blog/vulnerability/february-2020-security-releases/ \nhttps://security.gentoo.org/glsa/202003-48 \nhttps://security.netapp.com/advisory/ntap-20200221-0004/ \nhttps://www.debian.org/security/2020/dsa-4669 \nhttps://www.oracle.com/security-alerts/cpuapr2020.html\nhttps://altsp.su/obnovleniya-bezopasnosti/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20, CWE-138, CWE-863",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}
cleanstart-2026-bd71263
Vulnerability from cleanstart
Published
2026-04-01 09:17
Modified
2026-03-26 17:04
Summary
Security fixes for CVE-2017-14919, CVE-2017-15896, CVE-2018-0734, CVE-2018-0735, CVE-2018-1000168, CVE-2018-12121, CVE-2018-12122, CVE-2018-7160, CVE-2018-7161, CVE-2019-15604, CVE-2019-15605, CVE-2019-15606, CVE-2019-5737, CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518, CVE-2020-11080, CVE-2020-7774, CVE-2020-8172, CVE-2020-8174, CVE-2020-8201, CVE-2020-8252, CVE-2020-8265, CVE-2020-8277, CVE-2020-8287, CVE-2021-21148, CVE-2021-22930, CVE-2021-22931, CVE-2021-22959, CVE-2021-22960, CVE-2021-3672, CVE-2021-43803, CVE-2021-44531, CVE-2021-44532, CVE-2022-32212, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, CVE-2022-35255, CVE-2022-35256, CVE-2022-3602, CVE-2022-43548, CVE-2023-23918, CVE-2023-23919, CVE-2023-23920, CVE-2023-23936, CVE-2023-24807, CVE-2023-39333, CVE-2023-44487, CVE-2024-22018, CVE-2024-22020, CVE-2024-27982, CVE-2024-27983, CVE-2024-36138, CVE-2024-37372 applied in versions: 10.14.0-r0, 10.15.3-r0, 10.16.3-r0, 12.15.0-r0, 12.18.0-r0, 12.18.4-r0, 14.15.1-r0, 14.15.4-r0, 14.15.5-r0, 14.16.0-r0, 14.16.1-r0, 14.17.4-r0, 14.17.5-r0, 14.17.6-r0, 14.18.1-r0, 16.13.2-r0, 16.17.1-r0, 18.12.1-r0, 18.14.1-r0, 18.17.1-r0, 18.18.2-r0, 20.12.1-r0, 20.15.1-r0, 6.11.1-r0, 6.11.5-r0, 8.11.0-r0, 8.11.3-r0, 8.11.4-r0, 8.9.3-r0
Details
Multiple security vulnerabilities affect the nodejs package. These issues are resolved in later releases. See references for individual vulnerability details.
References
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "nodejs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.9.3-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the nodejs package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-BD71263",
"modified": "2026-03-26T17:04:08Z",
"published": "2026-04-01T09:17:26.065920Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-BD71263.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14919"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-15896"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-0734"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-0735"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000168"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12121"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12122"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7160"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7161"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15604"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15605"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15606"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-5737"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9511"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9512"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9513"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9514"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9515"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9516"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9517"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9518"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-11080"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-7774"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8172"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8174"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8201"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8252"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8265"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8277"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8287"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-21148"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22930"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22931"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22959"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22960"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-3672"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-43803"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-44531"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-44532"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32212"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32213"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32214"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32215"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35255"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35256"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3602"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-43548"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23918"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23919"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23920"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23936"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-24807"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-39333"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-44487"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-22018"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-22020"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-27982"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-27983"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-36138"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-37372"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14919"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15896"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0735"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000168"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12121"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12122"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7160"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7161"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15604"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15605"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15606"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5737"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9512"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9514"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9515"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9518"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11080"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7774"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8172"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8174"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8201"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8252"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8265"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8277"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8287"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21148"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22930"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22931"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22959"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22960"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3672"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43803"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44531"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44532"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32212"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32213"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32214"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32215"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35255"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3602"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23919"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23936"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24807"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39333"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22018"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22020"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27982"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27983"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36138"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37372"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2017-14919, CVE-2017-15896, CVE-2018-0734, CVE-2018-0735, CVE-2018-1000168, CVE-2018-12121, CVE-2018-12122, CVE-2018-7160, CVE-2018-7161, CVE-2019-15604, CVE-2019-15605, CVE-2019-15606, CVE-2019-5737, CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518, CVE-2020-11080, CVE-2020-7774, CVE-2020-8172, CVE-2020-8174, CVE-2020-8201, CVE-2020-8252, CVE-2020-8265, CVE-2020-8277, CVE-2020-8287, CVE-2021-21148, CVE-2021-22930, CVE-2021-22931, CVE-2021-22959, CVE-2021-22960, CVE-2021-3672, CVE-2021-43803, CVE-2021-44531, CVE-2021-44532, CVE-2022-32212, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, CVE-2022-35255, CVE-2022-35256, CVE-2022-3602, CVE-2022-43548, CVE-2023-23918, CVE-2023-23919, CVE-2023-23920, CVE-2023-23936, CVE-2023-24807, CVE-2023-39333, CVE-2023-44487, CVE-2024-22018, CVE-2024-22020, CVE-2024-27982, CVE-2024-27983, CVE-2024-36138, CVE-2024-37372 applied in versions: 10.14.0-r0, 10.15.3-r0, 10.16.3-r0, 12.15.0-r0, 12.18.0-r0, 12.18.4-r0, 14.15.1-r0, 14.15.4-r0, 14.15.5-r0, 14.16.0-r0, 14.16.1-r0, 14.17.4-r0, 14.17.5-r0, 14.17.6-r0, 14.18.1-r0, 16.13.2-r0, 16.17.1-r0, 18.12.1-r0, 18.14.1-r0, 18.17.1-r0, 18.18.2-r0, 20.12.1-r0, 20.15.1-r0, 6.11.1-r0, 6.11.5-r0, 8.11.0-r0, 8.11.3-r0, 8.11.4-r0, 8.9.3-r0",
"upstream": [
"CVE-2017-14919",
"CVE-2017-15896",
"CVE-2018-0734",
"CVE-2018-0735",
"CVE-2018-1000168",
"CVE-2018-12121",
"CVE-2018-12122",
"CVE-2018-7160",
"CVE-2018-7161",
"CVE-2019-15604",
"CVE-2019-15605",
"CVE-2019-15606",
"CVE-2019-5737",
"CVE-2019-9511",
"CVE-2019-9512",
"CVE-2019-9513",
"CVE-2019-9514",
"CVE-2019-9515",
"CVE-2019-9516",
"CVE-2019-9517",
"CVE-2019-9518",
"CVE-2020-11080",
"CVE-2020-7774",
"CVE-2020-8172",
"CVE-2020-8174",
"CVE-2020-8201",
"CVE-2020-8252",
"CVE-2020-8265",
"CVE-2020-8277",
"CVE-2020-8287",
"CVE-2021-21148",
"CVE-2021-22930",
"CVE-2021-22931",
"CVE-2021-22959",
"CVE-2021-22960",
"CVE-2021-3672",
"CVE-2021-43803",
"CVE-2021-44531",
"CVE-2021-44532",
"CVE-2022-32212",
"CVE-2022-32213",
"CVE-2022-32214",
"CVE-2022-32215",
"CVE-2022-35255",
"CVE-2022-35256",
"CVE-2022-3602",
"CVE-2022-43548",
"CVE-2023-23918",
"CVE-2023-23919",
"CVE-2023-23920",
"CVE-2023-23936",
"CVE-2023-24807",
"CVE-2023-39333",
"CVE-2023-44487",
"CVE-2024-22018",
"CVE-2024-22020",
"CVE-2024-27982",
"CVE-2024-27983",
"CVE-2024-36138",
"CVE-2024-37372"
]
}
cleanstart-2026-is74202
Vulnerability from cleanstart
Published
2026-04-01 09:09
Modified
2026-03-31 04:38
Summary
Security fixes for CVE-2017-14919, CVE-2017-15896, CVE-2018-0734, CVE-2018-0735, CVE-2018-1000168, CVE-2018-12121, CVE-2018-12122, CVE-2018-7160, CVE-2018-7161, CVE-2019-15604, CVE-2019-15605, CVE-2019-15606, CVE-2019-5737, CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518, CVE-2020-11080, CVE-2020-7774, CVE-2020-8172, CVE-2020-8174, CVE-2020-8201, CVE-2020-8252, CVE-2020-8265, CVE-2020-8277, CVE-2020-8287, CVE-2021-21148, CVE-2021-22930, CVE-2021-22931, CVE-2021-22959, CVE-2021-22960, CVE-2021-3672, CVE-2021-43803, CVE-2021-44531, CVE-2021-44532, CVE-2022-32212, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, CVE-2022-35255, CVE-2022-35256, CVE-2022-3602, CVE-2022-43548, CVE-2023-23918, CVE-2023-23919, CVE-2023-23920, CVE-2023-23936, CVE-2023-24807, CVE-2023-39333, CVE-2023-44487, CVE-2024-22018, CVE-2024-22020, CVE-2024-27982, CVE-2024-27983, CVE-2024-36138, CVE-2024-37372 applied in versions: 10.14.0-r0, 10.15.3-r0, 10.16.3-r0, 12.15.0-r0, 12.18.0-r0, 12.18.4-r0, 14.15.1-r0, 14.15.4-r0, 14.15.5-r0, 14.16.0-r0, 14.16.1-r0, 14.17.4-r0, 14.17.5-r0, 14.17.6-r0, 14.18.1-r0, 16.13.2-r0, 16.17.1-r0, 18.12.1-r0, 18.14.1-r0, 18.17.1-r0, 18.18.2-r0, 20.12.1-r0, 20.15.1-r0, 6.11.1-r0, 6.11.5-r0, 8.11.0-r0, 8.11.3-r0, 8.11.4-r0, 8.9.3-r0
Details
Multiple security vulnerabilities affect the nodejs package. These issues are resolved in later releases. See references for individual vulnerability details.
References
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "nodejs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.9.3-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the nodejs package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-IS74202",
"modified": "2026-03-31T04:38:08Z",
"published": "2026-04-01T09:09:55.185988Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-IS74202.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14919"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-15896"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-0734"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-0735"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000168"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12121"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12122"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7160"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7161"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15604"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15605"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15606"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-5737"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9511"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9512"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9513"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9514"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9515"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9516"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9517"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9518"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-11080"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-7774"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8172"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8174"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8201"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8252"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8265"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8277"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8287"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-21148"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22930"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22931"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22959"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22960"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-3672"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-43803"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-44531"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-44532"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32212"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32213"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32214"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32215"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35255"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35256"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3602"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-43548"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23918"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23919"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23920"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23936"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-24807"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-39333"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-44487"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-22018"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-22020"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-27982"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-27983"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-36138"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-37372"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14919"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15896"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0735"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000168"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12121"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12122"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7160"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7161"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15604"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15605"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15606"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5737"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9512"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9514"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9515"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9518"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11080"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7774"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8172"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8174"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8201"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8252"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8265"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8277"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8287"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21148"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22930"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22931"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22959"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22960"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3672"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43803"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44531"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44532"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32212"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32213"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32214"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32215"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35255"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3602"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23919"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23936"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24807"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39333"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22018"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22020"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27982"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27983"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36138"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37372"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2017-14919, CVE-2017-15896, CVE-2018-0734, CVE-2018-0735, CVE-2018-1000168, CVE-2018-12121, CVE-2018-12122, CVE-2018-7160, CVE-2018-7161, CVE-2019-15604, CVE-2019-15605, CVE-2019-15606, CVE-2019-5737, CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518, CVE-2020-11080, CVE-2020-7774, CVE-2020-8172, CVE-2020-8174, CVE-2020-8201, CVE-2020-8252, CVE-2020-8265, CVE-2020-8277, CVE-2020-8287, CVE-2021-21148, CVE-2021-22930, CVE-2021-22931, CVE-2021-22959, CVE-2021-22960, CVE-2021-3672, CVE-2021-43803, CVE-2021-44531, CVE-2021-44532, CVE-2022-32212, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, CVE-2022-35255, CVE-2022-35256, CVE-2022-3602, CVE-2022-43548, CVE-2023-23918, CVE-2023-23919, CVE-2023-23920, CVE-2023-23936, CVE-2023-24807, CVE-2023-39333, CVE-2023-44487, CVE-2024-22018, CVE-2024-22020, CVE-2024-27982, CVE-2024-27983, CVE-2024-36138, CVE-2024-37372 applied in versions: 10.14.0-r0, 10.15.3-r0, 10.16.3-r0, 12.15.0-r0, 12.18.0-r0, 12.18.4-r0, 14.15.1-r0, 14.15.4-r0, 14.15.5-r0, 14.16.0-r0, 14.16.1-r0, 14.17.4-r0, 14.17.5-r0, 14.17.6-r0, 14.18.1-r0, 16.13.2-r0, 16.17.1-r0, 18.12.1-r0, 18.14.1-r0, 18.17.1-r0, 18.18.2-r0, 20.12.1-r0, 20.15.1-r0, 6.11.1-r0, 6.11.5-r0, 8.11.0-r0, 8.11.3-r0, 8.11.4-r0, 8.9.3-r0",
"upstream": [
"CVE-2017-14919",
"CVE-2017-15896",
"CVE-2018-0734",
"CVE-2018-0735",
"CVE-2018-1000168",
"CVE-2018-12121",
"CVE-2018-12122",
"CVE-2018-7160",
"CVE-2018-7161",
"CVE-2019-15604",
"CVE-2019-15605",
"CVE-2019-15606",
"CVE-2019-5737",
"CVE-2019-9511",
"CVE-2019-9512",
"CVE-2019-9513",
"CVE-2019-9514",
"CVE-2019-9515",
"CVE-2019-9516",
"CVE-2019-9517",
"CVE-2019-9518",
"CVE-2020-11080",
"CVE-2020-7774",
"CVE-2020-8172",
"CVE-2020-8174",
"CVE-2020-8201",
"CVE-2020-8252",
"CVE-2020-8265",
"CVE-2020-8277",
"CVE-2020-8287",
"CVE-2021-21148",
"CVE-2021-22930",
"CVE-2021-22931",
"CVE-2021-22959",
"CVE-2021-22960",
"CVE-2021-3672",
"CVE-2021-43803",
"CVE-2021-44531",
"CVE-2021-44532",
"CVE-2022-32212",
"CVE-2022-32213",
"CVE-2022-32214",
"CVE-2022-32215",
"CVE-2022-35255",
"CVE-2022-35256",
"CVE-2022-3602",
"CVE-2022-43548",
"CVE-2023-23918",
"CVE-2023-23919",
"CVE-2023-23920",
"CVE-2023-23936",
"CVE-2023-24807",
"CVE-2023-39333",
"CVE-2023-44487",
"CVE-2024-22018",
"CVE-2024-22020",
"CVE-2024-27982",
"CVE-2024-27983",
"CVE-2024-36138",
"CVE-2024-37372"
]
}
cleanstart-2026-jr35772
Vulnerability from cleanstart
Published
2026-04-01 09:17
Modified
2026-03-26 15:01
Summary
Security fixes for CVE-2017-14919, CVE-2017-15896, CVE-2018-0734, CVE-2018-0735, CVE-2018-1000168, CVE-2018-12121, CVE-2018-12122, CVE-2018-7160, CVE-2018-7161, CVE-2019-15604, CVE-2019-15605, CVE-2019-15606, CVE-2019-5737, CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518, CVE-2020-11080, CVE-2020-7774, CVE-2020-8172, CVE-2020-8174, CVE-2020-8201, CVE-2020-8252, CVE-2020-8265, CVE-2020-8277, CVE-2020-8287, CVE-2021-21148, CVE-2021-22930, CVE-2021-22931, CVE-2021-22959, CVE-2021-22960, CVE-2021-3672, CVE-2021-43803, CVE-2021-44531, CVE-2021-44532, CVE-2022-32212, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, CVE-2022-35255, CVE-2022-35256, CVE-2022-3602, CVE-2022-43548, CVE-2023-23918, CVE-2023-23919, CVE-2023-23920, CVE-2023-23936, CVE-2023-24807, CVE-2023-39333, CVE-2023-44487, CVE-2024-22018, CVE-2024-22020, CVE-2024-27982, CVE-2024-27983, CVE-2024-36138, CVE-2024-37372 applied in versions: 10.14.0-r0, 10.15.3-r0, 10.16.3-r0, 12.15.0-r0, 12.18.0-r0, 12.18.4-r0, 14.15.1-r0, 14.15.4-r0, 14.15.5-r0, 14.16.0-r0, 14.16.1-r0, 14.17.4-r0, 14.17.5-r0, 14.17.6-r0, 14.18.1-r0, 16.13.2-r0, 16.17.1-r0, 18.12.1-r0, 18.14.1-r0, 18.17.1-r0, 18.18.2-r0, 20.12.1-r0, 20.15.1-r0, 6.11.1-r0, 6.11.5-r0, 8.11.0-r0, 8.11.3-r0, 8.11.4-r0, 8.9.3-r0
Details
Multiple security vulnerabilities affect the nodejs package. These issues are resolved in later releases. See references for individual vulnerability details.
References
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "nodejs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.9.3-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the nodejs package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-JR35772",
"modified": "2026-03-26T15:01:29Z",
"published": "2026-04-01T09:17:37.864227Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-JR35772.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14919"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-15896"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-0734"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-0735"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000168"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12121"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12122"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7160"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7161"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15604"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15605"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15606"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-5737"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9511"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9512"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9513"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9514"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9515"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9516"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9517"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9518"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-11080"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-7774"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8172"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8174"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8201"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8252"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8265"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8277"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8287"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-21148"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22930"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22931"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22959"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22960"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-3672"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-43803"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-44531"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-44532"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32212"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32213"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32214"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32215"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35255"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35256"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3602"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-43548"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23918"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23919"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23920"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23936"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-24807"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-39333"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-44487"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-22018"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-22020"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-27982"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-27983"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-36138"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-37372"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14919"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15896"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0735"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000168"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12121"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12122"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7160"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7161"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15604"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15605"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15606"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5737"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9512"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9514"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9515"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9518"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11080"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7774"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8172"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8174"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8201"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8252"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8265"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8277"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8287"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21148"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22930"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22931"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22959"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22960"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3672"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43803"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44531"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44532"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32212"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32213"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32214"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32215"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35255"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3602"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23919"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23936"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24807"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39333"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22018"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22020"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27982"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27983"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36138"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37372"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2017-14919, CVE-2017-15896, CVE-2018-0734, CVE-2018-0735, CVE-2018-1000168, CVE-2018-12121, CVE-2018-12122, CVE-2018-7160, CVE-2018-7161, CVE-2019-15604, CVE-2019-15605, CVE-2019-15606, CVE-2019-5737, CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518, CVE-2020-11080, CVE-2020-7774, CVE-2020-8172, CVE-2020-8174, CVE-2020-8201, CVE-2020-8252, CVE-2020-8265, CVE-2020-8277, CVE-2020-8287, CVE-2021-21148, CVE-2021-22930, CVE-2021-22931, CVE-2021-22959, CVE-2021-22960, CVE-2021-3672, CVE-2021-43803, CVE-2021-44531, CVE-2021-44532, CVE-2022-32212, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, CVE-2022-35255, CVE-2022-35256, CVE-2022-3602, CVE-2022-43548, CVE-2023-23918, CVE-2023-23919, CVE-2023-23920, CVE-2023-23936, CVE-2023-24807, CVE-2023-39333, CVE-2023-44487, CVE-2024-22018, CVE-2024-22020, CVE-2024-27982, CVE-2024-27983, CVE-2024-36138, CVE-2024-37372 applied in versions: 10.14.0-r0, 10.15.3-r0, 10.16.3-r0, 12.15.0-r0, 12.18.0-r0, 12.18.4-r0, 14.15.1-r0, 14.15.4-r0, 14.15.5-r0, 14.16.0-r0, 14.16.1-r0, 14.17.4-r0, 14.17.5-r0, 14.17.6-r0, 14.18.1-r0, 16.13.2-r0, 16.17.1-r0, 18.12.1-r0, 18.14.1-r0, 18.17.1-r0, 18.18.2-r0, 20.12.1-r0, 20.15.1-r0, 6.11.1-r0, 6.11.5-r0, 8.11.0-r0, 8.11.3-r0, 8.11.4-r0, 8.9.3-r0",
"upstream": [
"CVE-2017-14919",
"CVE-2017-15896",
"CVE-2018-0734",
"CVE-2018-0735",
"CVE-2018-1000168",
"CVE-2018-12121",
"CVE-2018-12122",
"CVE-2018-7160",
"CVE-2018-7161",
"CVE-2019-15604",
"CVE-2019-15605",
"CVE-2019-15606",
"CVE-2019-5737",
"CVE-2019-9511",
"CVE-2019-9512",
"CVE-2019-9513",
"CVE-2019-9514",
"CVE-2019-9515",
"CVE-2019-9516",
"CVE-2019-9517",
"CVE-2019-9518",
"CVE-2020-11080",
"CVE-2020-7774",
"CVE-2020-8172",
"CVE-2020-8174",
"CVE-2020-8201",
"CVE-2020-8252",
"CVE-2020-8265",
"CVE-2020-8277",
"CVE-2020-8287",
"CVE-2021-21148",
"CVE-2021-22930",
"CVE-2021-22931",
"CVE-2021-22959",
"CVE-2021-22960",
"CVE-2021-3672",
"CVE-2021-43803",
"CVE-2021-44531",
"CVE-2021-44532",
"CVE-2022-32212",
"CVE-2022-32213",
"CVE-2022-32214",
"CVE-2022-32215",
"CVE-2022-35255",
"CVE-2022-35256",
"CVE-2022-3602",
"CVE-2022-43548",
"CVE-2023-23918",
"CVE-2023-23919",
"CVE-2023-23920",
"CVE-2023-23936",
"CVE-2023-24807",
"CVE-2023-39333",
"CVE-2023-44487",
"CVE-2024-22018",
"CVE-2024-22020",
"CVE-2024-27982",
"CVE-2024-27983",
"CVE-2024-36138",
"CVE-2024-37372"
]
}
cleanstart-2026-jy06700
Vulnerability from cleanstart
Published
2026-02-27 01:09
Modified
2026-02-26 12:09
Summary
vulnerability has been identified in Node
Details
Multiple security vulnerabilities affect the nodejs package. A vulnerability has been identified in Node. See references for individual vulnerability details.
Severity
9.8 (Critical)
References
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "nodejs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.9.3-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the nodejs package. A vulnerability has been identified in Node. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-JY06700",
"modified": "2026-02-26T12:09:56Z",
"published": "2026-02-27T01:09:46.914639Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-JY06700"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14919"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-15896"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-0734"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-0735"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000168"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12121"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12122"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7160"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7161"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15604"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15605"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15606"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-5737"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9511"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9512"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9513"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9514"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9515"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9516"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9517"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9518"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-11080"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-7774"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8172"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8174"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8201"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8252"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8265"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8277"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8287"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-21148"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22930"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22931"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22959"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22960"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-3672"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-43803"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-44531"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-44532"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32212"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32213"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32214"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32215"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35255"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35256"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3602"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-43548"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23918"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23919"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23920"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23936"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-24807"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-39333"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-44487"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-22018"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-22020"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-27982"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-27983"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-36138"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-37372"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14919"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15896"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0735"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000168"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12121"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12122"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7160"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7161"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15604"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15605"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15606"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5737"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9512"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9514"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9515"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9518"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11080"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7774"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8172"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8174"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8201"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8252"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8265"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8277"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8287"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21148"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22930"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22931"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22959"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22960"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3672"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43803"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44531"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44532"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32212"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32213"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32214"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32215"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35255"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3602"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23919"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23936"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24807"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39333"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22018"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22020"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27982"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27983"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36138"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37372"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "vulnerability has been identified in Node",
"upstream": [
"CVE-2017-14919",
"CVE-2017-15896",
"CVE-2018-0734",
"CVE-2018-0735",
"CVE-2018-1000168",
"CVE-2018-12121",
"CVE-2018-12122",
"CVE-2018-7160",
"CVE-2018-7161",
"CVE-2019-15604",
"CVE-2019-15605",
"CVE-2019-15606",
"CVE-2019-5737",
"CVE-2019-9511",
"CVE-2019-9512",
"CVE-2019-9513",
"CVE-2019-9514",
"CVE-2019-9515",
"CVE-2019-9516",
"CVE-2019-9517",
"CVE-2019-9518",
"CVE-2020-11080",
"CVE-2020-7774",
"CVE-2020-8172",
"CVE-2020-8174",
"CVE-2020-8201",
"CVE-2020-8252",
"CVE-2020-8265",
"CVE-2020-8277",
"CVE-2020-8287",
"CVE-2021-21148",
"CVE-2021-22930",
"CVE-2021-22931",
"CVE-2021-22959",
"CVE-2021-22960",
"CVE-2021-3672",
"CVE-2021-43803",
"CVE-2021-44531",
"CVE-2021-44532",
"CVE-2022-32212",
"CVE-2022-32213",
"CVE-2022-32214",
"CVE-2022-32215",
"CVE-2022-35255",
"CVE-2022-35256",
"CVE-2022-3602",
"CVE-2022-43548",
"CVE-2023-23918",
"CVE-2023-23919",
"CVE-2023-23920",
"CVE-2023-23936",
"CVE-2023-24807",
"CVE-2023-39333",
"CVE-2023-44487",
"CVE-2024-22018",
"CVE-2024-22020",
"CVE-2024-27982",
"CVE-2024-27983",
"CVE-2024-36138",
"CVE-2024-37372"
]
}
cleanstart-2026-kn34553
Vulnerability from cleanstart
Published
2026-02-19 00:58
Modified
2026-02-18 09:40
Summary
vulnerability has been identified in Node
Details
Multiple security vulnerabilities affect the nodejs package. A vulnerability has been identified in Node. See references for individual vulnerability details.
Severity
9.8 (Critical)
References
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "nodejs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.9.3-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the nodejs package. A vulnerability has been identified in Node. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-KN34553",
"modified": "2026-02-18T09:40:19Z",
"published": "2026-02-19T00:58:48.926519Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-KN34553"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14919"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-15896"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-0734"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-0735"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000168"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12121"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12122"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7160"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7161"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15604"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15605"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15606"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-5737"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9511"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9512"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9513"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9514"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9515"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9516"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9517"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9518"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-11080"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-7774"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8172"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8174"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8201"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8252"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8265"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8277"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8287"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-21148"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22930"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22931"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22959"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22960"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-3672"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-43803"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-44531"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-44532"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32212"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32213"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32214"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32215"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35255"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35256"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3602"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-43548"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23918"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23919"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23920"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23936"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-24807"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-39333"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-44487"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-22018"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-22020"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-27982"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-27983"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-36138"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-37372"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14919"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15896"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0735"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000168"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12121"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12122"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7160"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7161"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15604"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15605"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15606"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5737"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9512"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9514"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9515"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9518"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11080"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7774"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8172"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8174"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8201"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8252"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8265"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8277"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8287"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21148"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22930"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22931"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22959"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22960"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3672"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43803"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44531"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44532"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32212"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32213"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32214"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32215"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35255"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3602"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23919"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23936"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24807"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39333"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22018"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22020"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27982"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27983"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36138"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37372"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "vulnerability has been identified in Node",
"upstream": [
"CVE-2017-14919",
"CVE-2017-15896",
"CVE-2018-0734",
"CVE-2018-0735",
"CVE-2018-1000168",
"CVE-2018-12121",
"CVE-2018-12122",
"CVE-2018-7160",
"CVE-2018-7161",
"CVE-2019-15604",
"CVE-2019-15605",
"CVE-2019-15606",
"CVE-2019-5737",
"CVE-2019-9511",
"CVE-2019-9512",
"CVE-2019-9513",
"CVE-2019-9514",
"CVE-2019-9515",
"CVE-2019-9516",
"CVE-2019-9517",
"CVE-2019-9518",
"CVE-2020-11080",
"CVE-2020-7774",
"CVE-2020-8172",
"CVE-2020-8174",
"CVE-2020-8201",
"CVE-2020-8252",
"CVE-2020-8265",
"CVE-2020-8277",
"CVE-2020-8287",
"CVE-2021-21148",
"CVE-2021-22930",
"CVE-2021-22931",
"CVE-2021-22959",
"CVE-2021-22960",
"CVE-2021-3672",
"CVE-2021-43803",
"CVE-2021-44531",
"CVE-2021-44532",
"CVE-2022-32212",
"CVE-2022-32213",
"CVE-2022-32214",
"CVE-2022-32215",
"CVE-2022-35255",
"CVE-2022-35256",
"CVE-2022-3602",
"CVE-2022-43548",
"CVE-2023-23918",
"CVE-2023-23919",
"CVE-2023-23920",
"CVE-2023-23936",
"CVE-2023-24807",
"CVE-2023-39333",
"CVE-2023-44487",
"CVE-2024-22018",
"CVE-2024-22020",
"CVE-2024-27982",
"CVE-2024-27983",
"CVE-2024-36138",
"CVE-2024-37372"
]
}
cleanstart-2026-kz45320
Vulnerability from cleanstart
Published
2026-04-01 09:16
Modified
2026-03-26 18:22
Summary
Security fixes for CVE-2017-14919, CVE-2017-15896, CVE-2018-0734, CVE-2018-0735, CVE-2018-1000168, CVE-2018-12121, CVE-2018-12122, CVE-2018-7160, CVE-2018-7161, CVE-2019-15604, CVE-2019-15605, CVE-2019-15606, CVE-2019-5737, CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518, CVE-2020-11080, CVE-2020-7774, CVE-2020-8172, CVE-2020-8174, CVE-2020-8201, CVE-2020-8252, CVE-2020-8265, CVE-2020-8277, CVE-2020-8287, CVE-2021-21148, CVE-2021-22930, CVE-2021-22931, CVE-2021-22959, CVE-2021-22960, CVE-2021-3672, CVE-2021-43803, CVE-2021-44531, CVE-2021-44532, CVE-2022-32212, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, CVE-2022-35255, CVE-2022-35256, CVE-2022-3602, CVE-2022-43548, CVE-2023-23918, CVE-2023-23919, CVE-2023-23920, CVE-2023-23936, CVE-2023-24807, CVE-2023-39333, CVE-2023-44487, CVE-2024-22018, CVE-2024-22020, CVE-2024-27982, CVE-2024-27983, CVE-2024-36138, CVE-2024-37372 applied in versions: 10.14.0-r0, 10.15.3-r0, 10.16.3-r0, 12.15.0-r0, 12.18.0-r0, 12.18.4-r0, 14.15.1-r0, 14.15.4-r0, 14.15.5-r0, 14.16.0-r0, 14.16.1-r0, 14.17.4-r0, 14.17.5-r0, 14.17.6-r0, 14.18.1-r0, 16.13.2-r0, 16.17.1-r0, 18.12.1-r0, 18.14.1-r0, 18.17.1-r0, 18.18.2-r0, 20.12.1-r0, 20.15.1-r0, 6.11.1-r0, 6.11.5-r0, 8.11.0-r0, 8.11.3-r0, 8.11.4-r0, 8.9.3-r0
Details
Multiple security vulnerabilities affect the nodejs package. These issues are resolved in later releases. See references for individual vulnerability details.
References
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "nodejs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.9.3-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the nodejs package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-KZ45320",
"modified": "2026-03-26T18:22:34Z",
"published": "2026-04-01T09:16:45.727713Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-KZ45320.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14919"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-15896"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-0734"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-0735"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000168"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12121"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12122"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7160"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7161"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15604"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15605"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15606"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-5737"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9511"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9512"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9513"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9514"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9515"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9516"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9517"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9518"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-11080"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-7774"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8172"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8174"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8201"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8252"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8265"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8277"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8287"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-21148"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22930"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22931"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22959"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22960"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-3672"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-43803"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-44531"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-44532"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32212"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32213"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32214"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32215"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35255"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35256"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3602"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-43548"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23918"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23919"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23920"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23936"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-24807"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-39333"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-44487"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-22018"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-22020"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-27982"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-27983"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-36138"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-37372"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14919"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15896"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0735"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000168"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12121"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12122"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7160"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7161"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15604"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15605"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15606"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5737"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9512"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9514"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9515"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9518"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11080"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7774"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8172"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8174"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8201"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8252"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8265"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8277"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8287"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21148"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22930"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22931"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22959"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22960"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3672"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43803"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44531"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44532"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32212"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32213"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32214"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32215"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35255"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3602"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23919"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23936"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24807"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39333"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22018"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22020"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27982"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27983"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36138"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37372"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2017-14919, CVE-2017-15896, CVE-2018-0734, CVE-2018-0735, CVE-2018-1000168, CVE-2018-12121, CVE-2018-12122, CVE-2018-7160, CVE-2018-7161, CVE-2019-15604, CVE-2019-15605, CVE-2019-15606, CVE-2019-5737, CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518, CVE-2020-11080, CVE-2020-7774, CVE-2020-8172, CVE-2020-8174, CVE-2020-8201, CVE-2020-8252, CVE-2020-8265, CVE-2020-8277, CVE-2020-8287, CVE-2021-21148, CVE-2021-22930, CVE-2021-22931, CVE-2021-22959, CVE-2021-22960, CVE-2021-3672, CVE-2021-43803, CVE-2021-44531, CVE-2021-44532, CVE-2022-32212, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, CVE-2022-35255, CVE-2022-35256, CVE-2022-3602, CVE-2022-43548, CVE-2023-23918, CVE-2023-23919, CVE-2023-23920, CVE-2023-23936, CVE-2023-24807, CVE-2023-39333, CVE-2023-44487, CVE-2024-22018, CVE-2024-22020, CVE-2024-27982, CVE-2024-27983, CVE-2024-36138, CVE-2024-37372 applied in versions: 10.14.0-r0, 10.15.3-r0, 10.16.3-r0, 12.15.0-r0, 12.18.0-r0, 12.18.4-r0, 14.15.1-r0, 14.15.4-r0, 14.15.5-r0, 14.16.0-r0, 14.16.1-r0, 14.17.4-r0, 14.17.5-r0, 14.17.6-r0, 14.18.1-r0, 16.13.2-r0, 16.17.1-r0, 18.12.1-r0, 18.14.1-r0, 18.17.1-r0, 18.18.2-r0, 20.12.1-r0, 20.15.1-r0, 6.11.1-r0, 6.11.5-r0, 8.11.0-r0, 8.11.3-r0, 8.11.4-r0, 8.9.3-r0",
"upstream": [
"CVE-2017-14919",
"CVE-2017-15896",
"CVE-2018-0734",
"CVE-2018-0735",
"CVE-2018-1000168",
"CVE-2018-12121",
"CVE-2018-12122",
"CVE-2018-7160",
"CVE-2018-7161",
"CVE-2019-15604",
"CVE-2019-15605",
"CVE-2019-15606",
"CVE-2019-5737",
"CVE-2019-9511",
"CVE-2019-9512",
"CVE-2019-9513",
"CVE-2019-9514",
"CVE-2019-9515",
"CVE-2019-9516",
"CVE-2019-9517",
"CVE-2019-9518",
"CVE-2020-11080",
"CVE-2020-7774",
"CVE-2020-8172",
"CVE-2020-8174",
"CVE-2020-8201",
"CVE-2020-8252",
"CVE-2020-8265",
"CVE-2020-8277",
"CVE-2020-8287",
"CVE-2021-21148",
"CVE-2021-22930",
"CVE-2021-22931",
"CVE-2021-22959",
"CVE-2021-22960",
"CVE-2021-3672",
"CVE-2021-43803",
"CVE-2021-44531",
"CVE-2021-44532",
"CVE-2022-32212",
"CVE-2022-32213",
"CVE-2022-32214",
"CVE-2022-32215",
"CVE-2022-35255",
"CVE-2022-35256",
"CVE-2022-3602",
"CVE-2022-43548",
"CVE-2023-23918",
"CVE-2023-23919",
"CVE-2023-23920",
"CVE-2023-23936",
"CVE-2023-24807",
"CVE-2023-39333",
"CVE-2023-44487",
"CVE-2024-22018",
"CVE-2024-22020",
"CVE-2024-27982",
"CVE-2024-27983",
"CVE-2024-36138",
"CVE-2024-37372"
]
}
cleanstart-2026-ln12820
Vulnerability from cleanstart
Published
2026-02-19 00:58
Modified
2026-02-18 09:40
Summary
vulnerability has been identified in Node
Details
Multiple security vulnerabilities affect the nodejs package. A vulnerability has been identified in Node. See references for individual vulnerability details.
Severity
9.8 (Critical)
References
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "nodejs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.9.3-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the nodejs package. A vulnerability has been identified in Node. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-LN12820",
"modified": "2026-02-18T09:40:19Z",
"published": "2026-02-19T00:58:49.154512Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-LN12820"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14919"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-15896"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-0734"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-0735"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000168"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12121"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12122"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7160"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7161"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15604"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15605"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15606"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-5737"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9511"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9512"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9513"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9514"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9515"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9516"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9517"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9518"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-11080"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-7774"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8172"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8174"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8201"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8252"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8265"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8277"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8287"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-21148"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22930"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22931"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22959"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22960"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-3672"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-43803"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-44531"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-44532"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32212"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32213"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32214"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32215"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35255"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35256"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3602"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-43548"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23918"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23919"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23920"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23936"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-24807"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-39333"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-44487"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-22018"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-22020"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-27982"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-27983"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-36138"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-37372"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14919"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15896"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0735"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000168"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12121"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12122"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7160"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7161"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15604"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15605"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15606"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5737"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9512"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9514"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9515"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9518"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11080"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7774"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8172"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8174"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8201"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8252"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8265"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8277"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8287"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21148"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22930"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22931"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22959"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22960"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3672"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43803"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44531"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44532"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32212"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32213"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32214"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32215"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35255"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3602"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23919"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23936"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24807"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39333"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22018"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22020"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27982"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27983"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36138"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37372"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "vulnerability has been identified in Node",
"upstream": [
"CVE-2017-14919",
"CVE-2017-15896",
"CVE-2018-0734",
"CVE-2018-0735",
"CVE-2018-1000168",
"CVE-2018-12121",
"CVE-2018-12122",
"CVE-2018-7160",
"CVE-2018-7161",
"CVE-2019-15604",
"CVE-2019-15605",
"CVE-2019-15606",
"CVE-2019-5737",
"CVE-2019-9511",
"CVE-2019-9512",
"CVE-2019-9513",
"CVE-2019-9514",
"CVE-2019-9515",
"CVE-2019-9516",
"CVE-2019-9517",
"CVE-2019-9518",
"CVE-2020-11080",
"CVE-2020-7774",
"CVE-2020-8172",
"CVE-2020-8174",
"CVE-2020-8201",
"CVE-2020-8252",
"CVE-2020-8265",
"CVE-2020-8277",
"CVE-2020-8287",
"CVE-2021-21148",
"CVE-2021-22930",
"CVE-2021-22931",
"CVE-2021-22959",
"CVE-2021-22960",
"CVE-2021-3672",
"CVE-2021-43803",
"CVE-2021-44531",
"CVE-2021-44532",
"CVE-2022-32212",
"CVE-2022-32213",
"CVE-2022-32214",
"CVE-2022-32215",
"CVE-2022-35255",
"CVE-2022-35256",
"CVE-2022-3602",
"CVE-2022-43548",
"CVE-2023-23918",
"CVE-2023-23919",
"CVE-2023-23920",
"CVE-2023-23936",
"CVE-2023-24807",
"CVE-2023-39333",
"CVE-2023-44487",
"CVE-2024-22018",
"CVE-2024-22020",
"CVE-2024-27982",
"CVE-2024-27983",
"CVE-2024-36138",
"CVE-2024-37372"
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…