Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2024:5814 - Security Advisory
Issued:
2024-08-26
Updated:
2024-08-26

RHSA-2024:5814 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: nodejs:20 security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

Security Fix(es):

  • node-tar: denial of service while parsing a tar file due to lack of folders depth validation (CVE-2024-28863)
  • nodejs: Bypass network import restriction via data URL (CVE-2024-22020)
  • nodejs: fs.lstat bypasses permission model (CVE-2024-22018)
  • nodejs: fs.fchown/fchmod bypasses permission model (CVE-2024-36137)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

  • BZ - 2293200 - CVE-2024-28863 node-tar: denial of service while parsing a tar file due to lack of folders depth validation
  • BZ - 2296417 - CVE-2024-22020 nodejs: Bypass network import restriction via data URL
  • BZ - 2296990 - CVE-2024-22018 nodejs: fs.lstat bypasses permission model
  • BZ - 2299281 - CVE-2024-36137 nodejs: fs.fchown/fchmod bypasses permission model

CVEs

  • CVE-2024-22018
  • CVE-2024-22020
  • CVE-2024-28863
  • CVE-2024-36137

References

  • https://access.redhat.com/security/updates/classification/#moderate
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 8

SRPM
nodejs-20.16.0-1.module+el8.10.0+22203+a88c8310.src.rpm SHA-256: 112064720c64fab1f18a0f916406ebb77fbcd263bc1fcf99f54903cac77e959c
nodejs-nodemon-3.0.1-1.module+el8.9.0+20473+c4e3d824.src.rpm SHA-256: 889a030834eca2139002087753843c52252e5b2dc40b5d0ad8d87af10af3af3e
nodejs-packaging-2021.06-4.module+el8.9.0+19519+e25b965a.src.rpm SHA-256: a7fd1b3ac37949c6ce7591cd26c2b1c0a16fc981466e4ef9ba1d0fb2d54d3049
x86_64
nodejs-20.16.0-1.module+el8.10.0+22203+a88c8310.x86_64.rpm SHA-256: 51443d2eeaf9b3ac018ed9993e3fd02f07c4c88d67be64431f154da557b45bad
nodejs-debuginfo-20.16.0-1.module+el8.10.0+22203+a88c8310.x86_64.rpm SHA-256: 28967487e37a9e111b631d80bd3afb239d3500a31b8dc1bfe1480309fe89364d
nodejs-debugsource-20.16.0-1.module+el8.10.0+22203+a88c8310.x86_64.rpm SHA-256: ece2eb1b51b7e0ed6db4a9d39eef1dcad190961c1d62827c4e10dcd96b6e118a
nodejs-devel-20.16.0-1.module+el8.10.0+22203+a88c8310.x86_64.rpm SHA-256: 5d9e52faa9effc156f4474f171d6ffbe116dfc73a83b23918d51228e8ed42e1b
nodejs-docs-20.16.0-1.module+el8.10.0+22203+a88c8310.noarch.rpm SHA-256: 3f4b8c33090060f917a52ef486d79c617e70906f894bb8cc57b4c823b7304bd6
nodejs-full-i18n-20.16.0-1.module+el8.10.0+22203+a88c8310.x86_64.rpm SHA-256: b5e1f36ec48e6e8bad1dc22768422dfd921d98ddcdaf4152c3a3d8b79edb02eb
nodejs-nodemon-3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch.rpm SHA-256: fee4b73944dd7d48743f7cb6f570393b91390ffd93f6eccb1c17b308d44e9142
nodejs-packaging-2021.06-4.module+el8.9.0+19519+e25b965a.noarch.rpm SHA-256: 66d731b4208710620bdc2be1cc05d9506201e45fce762122fd8840b7c4dca17e
nodejs-packaging-bundler-2021.06-4.module+el8.9.0+19519+e25b965a.noarch.rpm SHA-256: b7339583f645c7d80e49aadb33eb288479e3cddb1bc375fd9324c499503ca55b
npm-10.8.1-1.20.16.0.1.module+el8.10.0+22203+a88c8310.x86_64.rpm SHA-256: 2cd886363e2833f5b34792b8bb7116a03e2e7f72a0febb377a3812035cfd74dd

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
nodejs-20.16.0-1.module+el8.10.0+22203+a88c8310.src.rpm SHA-256: 112064720c64fab1f18a0f916406ebb77fbcd263bc1fcf99f54903cac77e959c
nodejs-nodemon-3.0.1-1.module+el8.9.0+20473+c4e3d824.src.rpm SHA-256: 889a030834eca2139002087753843c52252e5b2dc40b5d0ad8d87af10af3af3e
nodejs-packaging-2021.06-4.module+el8.9.0+19519+e25b965a.src.rpm SHA-256: a7fd1b3ac37949c6ce7591cd26c2b1c0a16fc981466e4ef9ba1d0fb2d54d3049
s390x
nodejs-docs-20.16.0-1.module+el8.10.0+22203+a88c8310.noarch.rpm SHA-256: 3f4b8c33090060f917a52ef486d79c617e70906f894bb8cc57b4c823b7304bd6
nodejs-nodemon-3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch.rpm SHA-256: fee4b73944dd7d48743f7cb6f570393b91390ffd93f6eccb1c17b308d44e9142
nodejs-packaging-2021.06-4.module+el8.9.0+19519+e25b965a.noarch.rpm SHA-256: 66d731b4208710620bdc2be1cc05d9506201e45fce762122fd8840b7c4dca17e
nodejs-packaging-bundler-2021.06-4.module+el8.9.0+19519+e25b965a.noarch.rpm SHA-256: b7339583f645c7d80e49aadb33eb288479e3cddb1bc375fd9324c499503ca55b
nodejs-20.16.0-1.module+el8.10.0+22203+a88c8310.s390x.rpm SHA-256: 9f0ce3c81d90d612f300a8c76fd7c3313a99a38cc0f118c8e4c5bb389165f83c
nodejs-debuginfo-20.16.0-1.module+el8.10.0+22203+a88c8310.s390x.rpm SHA-256: 368cc5539772d44a75e8ad40780992ff28edf97c2e6bce26771c888ff4449dc7
nodejs-debugsource-20.16.0-1.module+el8.10.0+22203+a88c8310.s390x.rpm SHA-256: 4f1ae1a80de6d395867f523f84dfca48846da84a31bd141211ab2ddfc80ea354
nodejs-devel-20.16.0-1.module+el8.10.0+22203+a88c8310.s390x.rpm SHA-256: 832a9e0c5344a61ee196c4e84aac5a3a25658949aeee6a467a54f76e48605935
nodejs-full-i18n-20.16.0-1.module+el8.10.0+22203+a88c8310.s390x.rpm SHA-256: e7a2a89a8001379133feec28c20fbb8e685da5ef7c8fd14c340c7706c3c943d5
npm-10.8.1-1.20.16.0.1.module+el8.10.0+22203+a88c8310.s390x.rpm SHA-256: b69b8021cfba66a2ce41b883a5c152f487430b454998aa275781065d2cf00a88

Red Hat Enterprise Linux for Power, little endian 8

SRPM
nodejs-20.16.0-1.module+el8.10.0+22203+a88c8310.src.rpm SHA-256: 112064720c64fab1f18a0f916406ebb77fbcd263bc1fcf99f54903cac77e959c
nodejs-nodemon-3.0.1-1.module+el8.9.0+20473+c4e3d824.src.rpm SHA-256: 889a030834eca2139002087753843c52252e5b2dc40b5d0ad8d87af10af3af3e
nodejs-packaging-2021.06-4.module+el8.9.0+19519+e25b965a.src.rpm SHA-256: a7fd1b3ac37949c6ce7591cd26c2b1c0a16fc981466e4ef9ba1d0fb2d54d3049
ppc64le
nodejs-docs-20.16.0-1.module+el8.10.0+22203+a88c8310.noarch.rpm SHA-256: 3f4b8c33090060f917a52ef486d79c617e70906f894bb8cc57b4c823b7304bd6
nodejs-nodemon-3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch.rpm SHA-256: fee4b73944dd7d48743f7cb6f570393b91390ffd93f6eccb1c17b308d44e9142
nodejs-packaging-2021.06-4.module+el8.9.0+19519+e25b965a.noarch.rpm SHA-256: 66d731b4208710620bdc2be1cc05d9506201e45fce762122fd8840b7c4dca17e
nodejs-packaging-bundler-2021.06-4.module+el8.9.0+19519+e25b965a.noarch.rpm SHA-256: b7339583f645c7d80e49aadb33eb288479e3cddb1bc375fd9324c499503ca55b
nodejs-20.16.0-1.module+el8.10.0+22203+a88c8310.ppc64le.rpm SHA-256: 14398726bde86d6b4db4411dc7519004936b8f54a45604a686630766faa3b175
nodejs-debuginfo-20.16.0-1.module+el8.10.0+22203+a88c8310.ppc64le.rpm SHA-256: b9dcb2893dc78f24196a68b1d50fce9cb9f4f71c63ea47e2385d7e8d36e4def5
nodejs-debugsource-20.16.0-1.module+el8.10.0+22203+a88c8310.ppc64le.rpm SHA-256: 10098e2042a85ac6a478ab3cd5d8fc966d9a375ce8f305135ee79dfe972a55d4
nodejs-devel-20.16.0-1.module+el8.10.0+22203+a88c8310.ppc64le.rpm SHA-256: 596a6a71d41b72089bfdf1851ad0cb1ae00c3e327ed5d2f319fc09c8a1e9dc8b
nodejs-full-i18n-20.16.0-1.module+el8.10.0+22203+a88c8310.ppc64le.rpm SHA-256: 7cf5a13f4ddd68df510c8cf0898bcbdde38da609403bfaf0b27feded2c524bb6
npm-10.8.1-1.20.16.0.1.module+el8.10.0+22203+a88c8310.ppc64le.rpm SHA-256: db12a2d6ece2c081d083fa798c8169ce66317d0ceede01f9e3ae0e76138da1c0

Red Hat Enterprise Linux for ARM 64 8

SRPM
nodejs-20.16.0-1.module+el8.10.0+22203+a88c8310.src.rpm SHA-256: 112064720c64fab1f18a0f916406ebb77fbcd263bc1fcf99f54903cac77e959c
nodejs-nodemon-3.0.1-1.module+el8.9.0+20473+c4e3d824.src.rpm SHA-256: 889a030834eca2139002087753843c52252e5b2dc40b5d0ad8d87af10af3af3e
nodejs-packaging-2021.06-4.module+el8.9.0+19519+e25b965a.src.rpm SHA-256: a7fd1b3ac37949c6ce7591cd26c2b1c0a16fc981466e4ef9ba1d0fb2d54d3049
aarch64
nodejs-docs-20.16.0-1.module+el8.10.0+22203+a88c8310.noarch.rpm SHA-256: 3f4b8c33090060f917a52ef486d79c617e70906f894bb8cc57b4c823b7304bd6
nodejs-nodemon-3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch.rpm SHA-256: fee4b73944dd7d48743f7cb6f570393b91390ffd93f6eccb1c17b308d44e9142
nodejs-packaging-2021.06-4.module+el8.9.0+19519+e25b965a.noarch.rpm SHA-256: 66d731b4208710620bdc2be1cc05d9506201e45fce762122fd8840b7c4dca17e
nodejs-packaging-bundler-2021.06-4.module+el8.9.0+19519+e25b965a.noarch.rpm SHA-256: b7339583f645c7d80e49aadb33eb288479e3cddb1bc375fd9324c499503ca55b
nodejs-20.16.0-1.module+el8.10.0+22203+a88c8310.aarch64.rpm SHA-256: 28c0ee865f8d7e5489e929549b4839868d76773a357f9ab0c27678da8b67eb4a
nodejs-debuginfo-20.16.0-1.module+el8.10.0+22203+a88c8310.aarch64.rpm SHA-256: 6f3a951f0beb0e807ab0999173fdb1a8530eadc9f80869b8b0c6e196d5cf999d
nodejs-debugsource-20.16.0-1.module+el8.10.0+22203+a88c8310.aarch64.rpm SHA-256: e4a014fdf754edd7cbb3fccf82af26ce7d264d5546ba1f8777a42a91d8f40d47
nodejs-devel-20.16.0-1.module+el8.10.0+22203+a88c8310.aarch64.rpm SHA-256: 85bd9bd171d1f1b68c2920a129976348d68f0f23ffb6e36f404dc1128e3a50b0
nodejs-full-i18n-20.16.0-1.module+el8.10.0+22203+a88c8310.aarch64.rpm SHA-256: db27b5ca8be7dc37bd3cedb3a65c0f789e696345a0fb0e544d9b6ca57bd94d3a
npm-10.8.1-1.20.16.0.1.module+el8.10.0+22203+a88c8310.aarch64.rpm SHA-256: 6a73f8bae76c361e80ee5f55745dc4dc64b560cb1af739ba74261c5c44f918b9

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility