A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports. Exploiting this flaw can violate network import security, posing a risk to developers and servers.
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:5815 https://access.redhat.com/errata/RHSA-2024:5815
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:5814 https://access.redhat.com/errata/RHSA-2024:5814
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:6147 https://access.redhat.com/errata/RHSA-2024:6147
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:6148 https://access.redhat.com/errata/RHSA-2024:6148