Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Debian 11 bullseye DLA-4013-1: node-mocha two vulnerabilities reported

debian lts
Calendar Grey January 11, 2025
Dist Debian Esm H88
The recent DLA-4013-1 advisory for node-mocha highlights vulnerabilities in Debian LTS. Users must promptly upgrade to maintain application security and integrity
mocha a javascript test framework was affected by two vulnerabilities in nanoid component
Topics%20covered

Topics Covered

security advisory update Debian information exposure node-mocha size handling

Summary


CVE-2021-23566

nanoid package is vulnerable to Information Exposure via the
valueOf() function which allows to reproduce the last id generated.


CVE-2024-55565

nanoid package mishandles non-integer values of size parameter.

For Debian 11 bullseye, these problems have been fixed in version
8.2.1+ds1+~cs29.4.27-3+deb11u1.

We recommend that you upgrade your node-mocha packages.

For the detailed security status of node-mocha please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/node-mocha

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity
critical
Lowest
Low
Medium
High
Critical

Package: node-mocha
Version: 8.2.1+ds1+~cs29.4.27-3+deb11u1
CVE ID: CVE-2021-23566 CVE-2024-55565
Debian Bug:

Topics%20covered

Topics Covered

security advisory update Debian information exposure node-mocha size handling

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here