Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…
EPSS 1.3%top 33%

Red Hat Security Advisory: nodejs:18 security update

0
High
Published: 05/09/2024 (05/09/2024, 06:30:11 UTC)
Source: GCVE Database
Vendor/Project: Red Hat Product Security
Product: Red Hat

Description

Red Hat has issued a security advisory for the nodejs:18 module addressing multiple vulnerabilities including denial of service (DoS) issues via CONTINUATION frames and the fetch() function, HTTP request smuggling through content length obfuscation, and an out-of-bounds read in the c-ares library. These vulnerabilities affect Red Hat Enterprise Linux 8 variants and related architectures. The advisory rates the security impact as Important and provides updated packages to remediate these issues.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 06/28/2026, 22:40:15 UTC

Technical Analysis

This advisory covers several security vulnerabilities in the Node.js 18 module and related components on Red Hat Enterprise Linux 8. The fixed issues include: a denial of service caused by CONTINUATION frames (CVE-2024-27983), a denial of service triggered by using the fetch() function to retrieve content from untrusted URLs (CVE-2024-22025), HTTP request smuggling via content length obfuscation (CVE-2024-27982), a CONTINUATION frames DoS in nghttp2 (CVE-2024-28182), and an out-of-bounds read in the c-ares library (CVE-2024-25629). Red Hat has released updated packages for multiple architectures and variants of RHEL 8 to address these vulnerabilities. The advisory references the Red Hat article for update instructions and lists bugzilla entries for each fix.

Potential Impact

The vulnerabilities collectively allow denial of service conditions and memory safety issues that could disrupt Node.js applications or services relying on affected components. Specifically, denial of service can be triggered by malformed HTTP/2 CONTINUATION frames, untrusted URL fetches, and HTTP request smuggling techniques. The out-of-bounds read in c-ares could lead to crashes or potential information disclosure. These impacts affect the availability and reliability of applications using the vulnerable Node.js 18 module on Red Hat Enterprise Linux 8.

Mitigation Recommendations

Red Hat has released updated nodejs:18 packages for Red Hat Enterprise Linux 8 and its variants that address these vulnerabilities. Users should apply the security update RHSA-2024:2780 promptly by following the instructions in the Red Hat advisory at https://access.redhat.com/articles/11258. Applying the official update is the recommended remediation. No additional mitigations are specified or required beyond installing the provided patches.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Gcve Source
db.gcve.eu
Csaf Category
csaf_security_advisory
Csaf Version
2.0
Publisher
Red Hat Product Security
Advisory Id
RHSA-2024:2780
Cve Count
5
Additional Cves
["CVE-2024-25629","CVE-2024-27982","CVE-2024-27983","CVE-2024-28182"]
Cvss Version
null

Threat ID: 6a419cc027e9c79719ac08c8

Added to database: 06/28/2026, 22:14:24 UTC

Last enriched: 06/28/2026, 22:40:15 UTC

Last updated: 07/03/2026, 12:51:10 UTC

Views: 10

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses