VDB
ALSA-2024%3A2780
ALSA-2024%3A2780
PUBLISHED
Important: nodejs:18 security update
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| AlmaLinux:8 | npm | 0, 0 |
| AlmaLinux:8 | nodejs-packaging-bundler | 0, 0 |
| AlmaLinux:8 | nodejs-devel | 0, 0 |
| AlmaLinux:8 | nodejs-docs | 0, 0 |
| AlmaLinux:8 | nodejs | 0, 0 |
| AlmaLinux:8 | nodejs-nodemon | 0, 0 |
| AlmaLinux:8 | nodejs-full-i18n | 0, 0 |
| AlmaLinux:8 | nodejs-packaging | 0, 0 |
Exploit Intelligence
- CVE-2024-27983 this repository builds up a vulnerable HTTP2 Node.js server (`server-nossl.js`) based on CVE-2024-27983 which exploits a continuation flood vulnerability in HTTP2 servers. (github-poc-repo)
- CVE-2024-27983 this repository builds up a vulnerable HTTP2 Node.js server (`server-nossl.js`) based on CVE-2024-27983 which exploits a continuation flood vulnerability in HTTP2 servers. (github-poc-repo)
- CVE-2024-27983 this repository builds up a vulnerable HTTP2 Node.js server (`server-nossl.js`) based on CVE-2024-27983 which exploits a continuation flood vulnerability in HTTP2 servers. (github-poc)
- CVE-2024-27983 this repository builds up a vulnerable HTTP2 Node.js server (`server-nossl.js`) based on CVE-2024-27983 which exploits a continuation flood vulnerability in HTTP2 servers. (github-poc)
- report.html (github-poc)
- report.html (github-poc)
- GenerationConfig.java (github-poc)
- GenerationConfig.java (github-poc)
- SelfAdaptationGenerationConfig.java (github-poc)
- SelfAdaptationGenerationConfig.java (github-poc)
…and 2 more exploits
Timeline
- May 9, 2024 CVE Published
- May 9, 2024 CVE Updated
- Mar 6, 2026 Distribution Patch
- Mar 6, 2026 Distribution Patch
- Mar 6, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2024:2780 vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-22025 third-party-advisory
- https://access.redhat.com/security/cve/CVE-2024-25629 third-party-advisory
- https://access.redhat.com/security/cve/CVE-2024-27982 third-party-advisory
- https://access.redhat.com/security/cve/CVE-2024-27983 third-party-advisory
- https://access.redhat.com/security/cve/CVE-2024-28182 third-party-advisory
- https://bugzilla.redhat.com/2265713 third-party-advisory
- https://bugzilla.redhat.com/2268639 third-party-advisory
- https://bugzilla.redhat.com/2270559 third-party-advisory
- https://bugzilla.redhat.com/2272764 third-party-advisory
- https://bugzilla.redhat.com/2275392 third-party-advisory
- https://errata.almalinux.org/8/ALSA-2024-2780.html vendor-advisory