Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…
EPSS 0.5%top 63%

Red Hat Security Advisory: nodejs:20 security update

0
Medium
Published: 08/26/2024 (08/26/2024, 08:36:35 UTC)
Source: GCVE Database
Vendor/Project: Red Hat Product Security
Product: Red Hat

Description

A security update for Node.js 20 on Red Hat Enterprise Linux addresses multiple vulnerabilities including denial of service in node-tar and permission model bypasses in Node.js filesystem functions. The update fixes CVE-2024-28863, CVE-2024-22020, CVE-2024-22018, and CVE-2024-36137. These issues could allow denial of service or unauthorized permission bypass. Red Hat rates the overall impact as moderate and has released updated packages for affected Red Hat Enterprise Linux 8 variants.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/03/2026, 23:05:59 UTC

Technical Analysis

This advisory covers four security vulnerabilities in Node.js 20 as packaged by Red Hat for RHEL 8. CVE-2024-28863 is a denial of service vulnerability in node-tar caused by lack of folder depth validation when parsing tar files. CVE-2024-22020 allows bypassing network import restrictions via data URLs. CVE-2024-22018 and CVE-2024-36137 involve bypasses of the permission model in Node.js filesystem functions fs.lstat and fs.fchown/fchmod respectively. Red Hat has issued a security update (RHSA-2024:5814) that addresses these issues by updating the nodejs:20 module. The advisory rates the severity as moderate and provides updated packages for multiple RHEL 8 architectures and extended life cycle versions.

Potential Impact

The vulnerabilities could lead to denial of service conditions or unauthorized bypass of filesystem permission checks in Node.js applications running on affected Red Hat Enterprise Linux 8 systems. This may allow attackers to circumvent security restrictions or cause application crashes. The overall security impact is rated moderate by Red Hat Product Security.

Mitigation Recommendations

Red Hat has released an official security update for the nodejs:20 module in Red Hat Enterprise Linux 8 that addresses these vulnerabilities. Users should apply the update as described in the Red Hat advisory RHSA-2024:5814 and the referenced article https://access.redhat.com/articles/11258 to remediate the issues. No additional mitigation steps are indicated beyond applying the official update.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Gcve Source
db.gcve.eu
Csaf Category
csaf_security_advisory
Csaf Version
2.0
Publisher
Red Hat Product Security
Advisory Id
RHSA-2024:5814
Cve Count
4
Additional Cves
["CVE-2024-22020","CVE-2024-28863","CVE-2024-36137"]
Cvss Version
null

Threat ID: 6a483cbb27e9c79719d82fd4

Added to database: 07/03/2026, 22:50:35 UTC

Last enriched: 07/03/2026, 23:05:59 UTC

Last updated: 07/04/2026, 08:51:17 UTC

Views: 5

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses