- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202405-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low
    Title: Node.js: Multiple Vulnerabilities
     Date: May 08, 2024
     Bugs: #772422, #781704, #800986, #805053, #807775, #811273, #817938, #831037, #835615, #857111, #865627, #872692, #879617, #918086, #918614
       ID: 202405-29

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======
Multiple vulnerabilities have been discovered in Node.js.

Background
=========
Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine.

Affected packages
================
Package          Vulnerable    Unaffected
---------------  ------------  ------------
net-libs/nodejs  < 16.20.2     >= 16.20.2

Description
==========
Multiple vulnerabilities have been discovered in Node.js. Please review
the CVE identifiers referenced below for details.

Impact
=====
Please review the referenced CVE identifiers for details.

Workaround
=========
There is no known workaround at this time.

Resolution
=========
All Node.js 20 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-libs/nodejs-20.5.1"

All Node.js 18 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-libs/nodejs-18.17.1"

All Node.js 16 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-libs/nodejs-16.20.2"

References
=========
[ 1 ] CVE-2020-7774
      https://nvd.nist.gov/vuln/detail/CVE-2020-7774
[ 2 ] CVE-2021-3672
      https://nvd.nist.gov/vuln/detail/CVE-2021-3672
[ 3 ] CVE-2021-22883
      https://nvd.nist.gov/vuln/detail/CVE-2021-22883
[ 4 ] CVE-2021-22884
      https://nvd.nist.gov/vuln/detail/CVE-2021-22884
[ 5 ] CVE-2021-22918
      https://nvd.nist.gov/vuln/detail/CVE-2021-22918
[ 6 ] CVE-2021-22930
      https://nvd.nist.gov/vuln/detail/CVE-2021-22930
[ 7 ] CVE-2021-22931
      https://nvd.nist.gov/vuln/detail/CVE-2021-22931
[ 8 ] CVE-2021-22939
      https://nvd.nist.gov/vuln/detail/CVE-2021-22939
[ 9 ] CVE-2021-22940
      https://nvd.nist.gov/vuln/detail/CVE-2021-22940
[ 10 ] CVE-2021-22959
      https://nvd.nist.gov/vuln/detail/CVE-2021-22959
[ 11 ] CVE-2021-22960
      https://nvd.nist.gov/vuln/detail/CVE-2021-22960
[ 12 ] CVE-2021-37701
      https://nvd.nist.gov/vuln/detail/CVE-2021-37701
[ 13 ] CVE-2021-37712
      https://nvd.nist.gov/vuln/detail/CVE-2021-37712
[ 14 ] CVE-2021-39134
      https://nvd.nist.gov/vuln/detail/CVE-2021-39134
[ 15 ] CVE-2021-39135
      https://nvd.nist.gov/vuln/detail/CVE-2021-39135
[ 16 ] CVE-2021-44531
      https://nvd.nist.gov/vuln/detail/CVE-2021-44531
[ 17 ] CVE-2021-44532
      https://nvd.nist.gov/vuln/detail/CVE-2021-44532
[ 18 ] CVE-2021-44533
      https://nvd.nist.gov/vuln/detail/CVE-2021-44533
[ 19 ] CVE-2022-0778
      https://nvd.nist.gov/vuln/detail/CVE-2022-0778
[ 20 ] CVE-2022-3602
      https://nvd.nist.gov/vuln/detail/CVE-2022-3602
[ 21 ] CVE-2022-3786
      https://nvd.nist.gov/vuln/detail/CVE-2022-3786
[ 22 ] CVE-2022-21824
      https://nvd.nist.gov/vuln/detail/CVE-2022-21824
[ 23 ] CVE-2022-32212
      https://nvd.nist.gov/vuln/detail/CVE-2022-32212
[ 24 ] CVE-2022-32213
      https://nvd.nist.gov/vuln/detail/CVE-2022-32213
[ 25 ] CVE-2022-32214
      https://nvd.nist.gov/vuln/detail/CVE-2022-32214
[ 26 ] CVE-2022-32215
      https://nvd.nist.gov/vuln/detail/CVE-2022-32215
[ 27 ] CVE-2022-32222
      https://nvd.nist.gov/vuln/detail/CVE-2022-32222
[ 28 ] CVE-2022-35255
      https://nvd.nist.gov/vuln/detail/CVE-2022-35255
[ 29 ] CVE-2022-35256
      https://nvd.nist.gov/vuln/detail/CVE-2022-35256
[ 30 ] CVE-2022-35948
      https://nvd.nist.gov/vuln/detail/CVE-2022-35948
[ 31 ] CVE-2022-35949
      https://nvd.nist.gov/vuln/detail/CVE-2022-35949
[ 32 ] CVE-2022-43548
      https://nvd.nist.gov/vuln/detail/CVE-2022-43548
[ 33 ] CVE-2023-30581
      https://nvd.nist.gov/vuln/detail/CVE-2023-30581
[ 34 ] CVE-2023-30582
      https://nvd.nist.gov/vuln/detail/CVE-2023-30582
[ 35 ] CVE-2023-30583
      https://nvd.nist.gov/vuln/detail/CVE-2023-30583
[ 36 ] CVE-2023-30584
      https://nvd.nist.gov/vuln/detail/CVE-2023-30584
[ 37 ] CVE-2023-30586
      https://nvd.nist.gov/vuln/detail/CVE-2023-30586
[ 38 ] CVE-2023-30587
      https://nvd.nist.gov/vuln/detail/CVE-2023-30587
[ 39 ] CVE-2023-30588
      https://nvd.nist.gov/vuln/detail/CVE-2023-30588
[ 40 ] CVE-2023-30589
      https://nvd.nist.gov/vuln/detail/CVE-2023-30589
[ 41 ] CVE-2023-30590
      https://nvd.nist.gov/vuln/detail/CVE-2023-30590
[ 42 ] CVE-2023-32002
      https://nvd.nist.gov/vuln/detail/CVE-2023-32002
[ 43 ] CVE-2023-32003
      https://nvd.nist.gov/vuln/detail/CVE-2023-32003
[ 44 ] CVE-2023-32004
      https://nvd.nist.gov/vuln/detail/CVE-2023-32004
[ 45 ] CVE-2023-32005
      https://nvd.nist.gov/vuln/detail/CVE-2023-32005
[ 46 ] CVE-2023-32006
      https://nvd.nist.gov/vuln/detail/CVE-2023-32006
[ 47 ] CVE-2023-32558
      https://nvd.nist.gov/vuln/detail/CVE-2023-32558
[ 48 ] CVE-2023-32559
      https://nvd.nist.gov/vuln/detail/CVE-2023-32559

Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202405-29

Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
======
Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5