VulnerableCode Package Details - pkg:rpm/redhat/rh-nodejs14-nodejs@14.21.3-2?arch=el7

Search for packages

Vulnerability	Summary	Fixed by
VCID-532v-5mum-qkdf Aliases: CVE-2022-38900 GHSA-w573-4hg7-7wgq	decode-uri-component vulnerable to Denial of Service (DoS) decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS.	There are no reported fixed by versions.
VCID-5vh6-usw6-2qhy Aliases: CVE-2022-4904	Improper Input Validation A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.	There are no reported fixed by versions.
VCID-7nnu-jtjx-u3ff Aliases: CVE-2023-23918	Node.js: Permissions policies can be bypassed via process.mainModule	There are no reported fixed by versions.
VCID-hnjv-fp2r-vqfq Aliases: CVE-2023-23920	Node.js: insecure loading of ICU data through ICU_DATA environment variable	There are no reported fixed by versions.
VCID-m78y-81wr-y3cz Aliases: CVE-2022-25881 GHSA-rc47-6667-2j5j	http-cache-semantics vulnerable to Regular Expression Denial of Service http-cache semantics contains an Inefficient Regular Expression Complexity , leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-532v-5mum-qkdf
Aliases:
CVE-2022-38900
GHSA-w573-4hg7-7wgq

decode-uri-component vulnerable to Denial of Service (DoS) decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS.