nodejs-libs vulnerabilities

Known vulnerabilities in the nodejs-libs package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
M Resource Exhaustion	<1:18.20.6-1.amzn2023.0.1
M Inefficient Regular Expression Complexity	<1:18.20.5-1.amzn2023.0.1
M Resource Exhaustion	<1:18.20.4-1.amzn2023.0.1
M Incorrect Authorization	<1:18.20.2-1.amzn2023.0.1
M CVE-2024-30261	<1:18.20.2-1.amzn2023.0.1
M HTTP Request Smuggling	<1:18.20.2-1.amzn2023.0.1
H Resource Exhaustion	<1:18.18.2-1.amzn2023.0.4
H Detection of Error Condition Without Action	<1:18.18.2-1.amzn2023.0.4
H Arbitrary Code Injection	<1:18.18.2-1.amzn2023.0.2
M Buffer Under-read	<1:18.18.2-1.amzn2023.0.3
H Resource Exhaustion	<1:18.18.2-1.amzn2023.0.2
M CVE-2024-24758	<1:18.18.2-1.amzn2023.0.3
M Resource Exhaustion	<1:18.18.2-1.amzn2023.0.3
H Improper Validation of Integrity Check Value	<1:18.18.2-1.amzn2023.0.1
H Information Exposure	<1:18.18.2-1.amzn2023.0.1
H Arbitrary Code Injection	<1:18.18.2-1.amzn2023.0.1
H Resource Exhaustion	<1:18.18.0-1.amzn2023.0.1
H Arbitrary Code Injection	<1:18.12.1-1.amzn2023.0.10
H Policy Privileges are not Assigned Consistently Between Control and Data Agents	<1:18.12.1-1.amzn2023.0.10
H Information Exposure	<1:18.12.1-1.amzn2023.0.10
H Resource Exhaustion	<1:18.12.1-1.amzn2023.0.9
H Inefficient Regular Expression Complexity	<1:18.12.1-1.amzn2023.0.9
M Incorrect Authorization	<1:18.12.1-1.amzn2023.0.6
M Improper Input Validation	<1:18.12.1-1.amzn2023.0.6
H CVE-2023-30590	<1:18.12.1-1.amzn2023.0.7
H CVE-2023-30589	<1:18.12.1-1.amzn2023.0.7
H CVE-2023-30588	<1:18.12.1-1.amzn2023.0.7
H CVE-2023-30581	<1:18.12.1-1.amzn2023.0.7
M CVE-2023-23919	<1:18.12.1-1.amzn2023.0.5
M Untrusted Search Path	<1:18.12.1-1.amzn2023.0.4
H Inefficient Regular Expression Complexity	<1:18.12.1-1.amzn2023.0.3
H Reliance on Reverse DNS Resolution for a Security-Critical Action	<1:18.12.1-1.amzn2023.0.2
H Out-of-Bounds	<1:18.12.1-1.amzn2023.0.2
H Out-of-Bounds	<1:18.12.1-1.amzn2023.0.2
H HTTP Request Smuggling	<1:18.12.1-1.amzn2023.0.2
H Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)	<1:18.12.1-1.amzn2023.0.2
H Uncontrolled Search Path Element	<1:18.12.1-1.amzn2023.0.2
H External Control of File Name or Path	<1:18.12.1-1.amzn2023.0.2
H HTTP Request Smuggling	<1:18.12.1-1.amzn2023.0.2
H HTTP Request Smuggling	<1:18.12.1-1.amzn2023.0.2
H HTTP Request Smuggling	<1:18.12.1-1.amzn2023.0.2
H Improper Check or Handling of Exceptional Conditions	<1:18.12.1-1.amzn2023.0.2
H Improper Certificate Validation	<1:18.12.1-1.amzn2023.0.2
H Improperly Controlled Modification of Dynamically-Determined Object Attributes	<1:18.12.1-1.amzn2023.0.2
H Improper Certificate Validation	<1:18.12.1-1.amzn2023.0.2
H Improper Certificate Validation	<1:18.12.1-1.amzn2023.0.2
H Insufficient Verification of Data Authenticity	<1:18.12.1-1.amzn2023.0.2
H HTTP Request Smuggling	<1:18.12.1-1.amzn2023.0.2
H HTTP Request Smuggling	<1:18.12.1-1.amzn2023.0.2

Vulnerability

Vulnerable Version

Resource Exhaustion

<1:18.20.6-1.amzn2023.0.1

Inefficient Regular Expression Complexity

<1:18.20.5-1.amzn2023.0.1

Resource Exhaustion

<1:18.20.4-1.amzn2023.0.1

Incorrect Authorization

<1:18.20.2-1.amzn2023.0.1

CVE-2024-30261

<1:18.20.2-1.amzn2023.0.1