- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202505-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: Node.js: Multiple Vulnerabilities
     Date: May 14, 2025
     Bugs: #916513, #924704, #928532, #936204
       ID: 202505-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======
Multiple vulnerabilities have been discovered in Node.js, the worst of
which could lead to execution of arbitrary code.

Background
=========
Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine.

Affected packages
================
Package          Vulnerable    Unaffected
---------------  ------------  ------------
net-libs/nodejs  < 22.4.1      >= 22.4.1

Description
==========
Multiple vulnerabilities have been discovered in Node.js. Please review
the CVE identifiers referenced below for details.

Impact
=====
Please review the referenced CVE identifiers for details.

Workaround
=========
There is no known workaround at this time.

Resolution
=========
All Node.js users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-libs/nodejs-22.4.1"

References
=========
[ 1 ] CVE-2023-38552
      https://nvd.nist.gov/vuln/detail/CVE-2023-38552
[ 2 ] CVE-2023-39331
      https://nvd.nist.gov/vuln/detail/CVE-2023-39331
[ 3 ] CVE-2023-39332
      https://nvd.nist.gov/vuln/detail/CVE-2023-39332
[ 4 ] CVE-2023-39333
      https://nvd.nist.gov/vuln/detail/CVE-2023-39333
[ 5 ] CVE-2023-44487
      https://nvd.nist.gov/vuln/detail/CVE-2023-44487
[ 6 ] CVE-2023-45143
      https://nvd.nist.gov/vuln/detail/CVE-2023-45143
[ 7 ] CVE-2023-46809
      https://nvd.nist.gov/vuln/detail/CVE-2023-46809
[ 8 ] CVE-2024-21890
      https://nvd.nist.gov/vuln/detail/CVE-2024-21890
[ 9 ] CVE-2024-21891
      https://nvd.nist.gov/vuln/detail/CVE-2024-21891
[ 10 ] CVE-2024-21892
      https://nvd.nist.gov/vuln/detail/CVE-2024-21892
[ 11 ] CVE-2024-21896
      https://nvd.nist.gov/vuln/detail/CVE-2024-21896
[ 12 ] CVE-2024-22017
      https://nvd.nist.gov/vuln/detail/CVE-2024-22017
[ 13 ] CVE-2024-22018
      https://nvd.nist.gov/vuln/detail/CVE-2024-22018
[ 14 ] CVE-2024-22019
      https://nvd.nist.gov/vuln/detail/CVE-2024-22019
[ 15 ] CVE-2024-22020
      https://nvd.nist.gov/vuln/detail/CVE-2024-22020
[ 16 ] CVE-2024-22025
      https://nvd.nist.gov/vuln/detail/CVE-2024-22025
[ 17 ] CVE-2024-27982
      https://nvd.nist.gov/vuln/detail/CVE-2024-27982
[ 18 ] CVE-2024-27983
      https://nvd.nist.gov/vuln/detail/CVE-2024-27983
[ 19 ] CVE-2024-36137
      https://nvd.nist.gov/vuln/detail/CVE-2024-36137
[ 20 ] CVE-2024-37372
      https://nvd.nist.gov/vuln/detail/CVE-2024-37372

Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202505-11

Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
======
Copyright 2025 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5