When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check.

References:
https://nodejs.org/en/blog/vulnerability/october-2023-security-releases
Created nodejs tracking bugs for this issue:
Affects: epel-7 [bug 2244472]
Affects: fedora-37 [bug 2244483]

Created nodejs16 tracking bugs for this issue:
Affects: fedora-38 [bug 2244474]

Created nodejs18 tracking bugs for this issue:
Affects: fedora-38 [bug 2244477]

Created nodejs20 tracking bugs for this issue:
Affects: fedora-38 [bug 2244473]

Created nodejs:13/nodejs tracking bugs for this issue:
Affects: epel-8 [bug 2244487]

Created nodejs:14/nodejs tracking bugs for this issue:
Affects: fedora-37 [bug 2244481]

Created nodejs:16-epel/nodejs tracking bugs for this issue:
Affects: epel-8 [bug 2244485]

Created nodejs:16/nodejs tracking bugs for this issue:
Affects: fedora-38 [bug 2244475]

Created nodejs:18/nodejs tracking bugs for this issue:
Affects: fedora-37 [bug 2244479]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2023:5849 https://access.redhat.com/errata/RHSA-2023:5849

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2023:5869 https://access.redhat.com/errata/RHSA-2023:5869

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2023:7205 https://access.redhat.com/errata/RHSA-2023:7205