10 June 2024 IBM i Security Alert: libuv (10/06/2024)

A new alert, following on from the previous posts but kept separate, because it doesn't directly concern the installation of Node.js itself, but one of the libraries it imports.

The flaw we're talking about today stems from the libuv library that Node.js imports.
As a reminder, libuv is mainly used to support asynchronous I/O based on event loops.
The flaw is a possible server-side request forgery, caused by a bad domain lookup in the uv_getaddrinfo function in src/unix/getaddrinfo.c.
By sending a specially crafted request, an attacker can exploit this vulnerability to carry out a Server-Side Request Forgery (SSRF) attack. CVSS score: 7.3.

To correct this flaw, simply update Node.js to version LTS 18. You can find details of this flaw at the attached link: https://lnkd.in/eD2TC6tR
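A quick way to verify the remediation above on a host, as an added example that is not part of the original alert: Node.js exposes its own version and the bundled libuv version in `process.versions`, so a script can report whether the runtime is on the advised LTS 18 line. The minimum is only enforced at the major-version level; the exact patch release carrying the libuv fix is an assumption left to the linked advisory, and the `checkRuntime` helper is hypothetical.

```javascript
// Added example (not from the original alert): check whether the running
// Node.js meets the advised minimum line. The alert says to move to Node.js
// LTS 18; the patch level that carries the libuv fix is an assumption left
// to the linked advisory, so only the major version is enforced here.
const MIN_NODE = [18, 0, 0]; // from the alert: "update Node.js to version LTS 18"

// Parse "v18.20.3" or "18.20.3" into [18, 20, 3]; returns null if malformed.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

// Numeric comparison of two parsed versions: -1, 0 or 1.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Evaluate a process.versions-like object. `versions` is passed in rather
// than read globally so the same check can run over inventory data
// collected from other hosts (e.g. an export of `node -p process.versions`).
function checkRuntime(versions) {
  const node = parseVersion(versions.node);
  const libuv = versions.uv ?? 'unknown'; // process.versions.uv is the bundled libuv
  if (!node) {
    return { ok: false, node: String(versions.node), libuv,
             reason: `unparseable Node.js version: ${versions.node}` };
  }
  const ok = compareVersions(node, MIN_NODE) >= 0;
  return {
    ok,
    node: versions.node,
    libuv,
    reason: ok
      ? `Node.js ${versions.node} is on or above the advised LTS ${MIN_NODE[0]} line`
      : `Node.js ${versions.node} (bundled libuv ${libuv}) is below the advised LTS ${MIN_NODE[0]} line`,
  };
}

// Stand-alone usage: inspect the current runtime and signal via exit code.
const current = checkRuntime(process.versions);
console.log(JSON.stringify(current, null, 2));
process.exitCode = current.ok ? 0 : 1;
```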
