-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

SUMMARY

cPanel, L.L.C. has updated packages for EasyApache 4 with NodeJS version 16.19.1. This release addresses vulnerabilities related to CVE-2023-23918, CVE-2023-23918, CVE-2023-23920, CVE-2023-23936 and CVE-2023-24807. We strongly encourage all NodeJS users to upgrade to version 16.19.1.

 
AFFECTED VERSIONS
All versions of NodeJS through 16.19.0.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 

CVE-2023-23918 - MEDIUM
NodeJS 16.19.1
Fixed vulnerability related to CVE-2023-23918.

CVE-2023-23919 - MEDIUM
NodeJS 16.19.1
Fixed vulnerability related to CVE-2023-23919.

CVE-2023-23920 - MEDIUM
NodeJS 16.19.1
Fixed vulnerability related to CVE-2023-23920.

CVE-2023-23936 - MEDIUM
NodeJS 16.19.1
Fixed vulnerability related to CVE-2023-23936.

CVE-2023-24807 - MEDIUM
NodeJS 16.19.1
Fixed vulnerability related to CVE-2023-24807.

SOLUTION
cPanel, L.L.C. has released updated packages for EasyApache 4 on February 22, 2023, with NodeJS version 16.19.1. Unless you have enabled automatic package updates in your cron, update your system with either your package manager or WHM's Run System Update interface.

 
REFERENCES
https://www.cve.org/CVERecord?id=CVE-2023-23918
https://www.cve.org/CVERecord?id=CVE-2023-23919
https://www.cve.org/CVERecord?id=CVE-2023-23920
https://www.cve.org/CVERecord?id=CVE-2023-23936
https://www.cve.org/CVERecord?id=CVE-2023-24807 
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V16.md



















-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAmP2QAUACgkQlSG+3KvZ
Td8Xmg/+LoKHIYiiDfBGlgZiqRe6mBR8kvyazho7HFNquaCo+sHT71NfnCdb0deX
CzvSGAxtbCs4OQvUPfLHSi2LhMeQEm+v9hRPztoMlwY+Z61ev/uiIxHHZEYkTgWE
OIaOTNsGdpsTJiVF0zeO5R2R1Cn6Z6JbHVSN6mb8j1myu2IwRR9Z1PY6zVygEpYP
m7OpRqQI8+TUeBRgU6Otbl4xgdcwc5NkxgQDsMbgw65tkO4T9SxiunsNVyIAP8zo
lHtAzTbrgmUvLLyXIWEknVrdgXS6YllhNBcKOAyraTkQCPY7ii8qoNszVr3rxFBw
jQW/0Mg2J4Z0B94RPOKf+IyfUnHrrRfVaXRurpfZ3YjnSpv6+wLy6aNDIivf+Qsw
YV8Rye3tvkBfYHv06sEA8alGcikXKKWnZQCJHxf7u1f9jJmRRgb4paVVV+vOY9sY
139rsitZkvWPJ9WkOmoWZe//s7ycIi6I3OeGJecn6Wmoueg7p2ceoStzVQwy7RT5
QXR4qvZv78njikM1nEetMzp/GqiqnSy76tItxeLwEqtEhxB0T5Wj6aNHBsDV18I/
4MH3SqltrG/pJGsQiCik26qETzPZHcAfLTIduhqvcwhRHg+WmADkHF+EzmjVwsnz
7buK74VuKpjllVgJ+bm6LD2mAj5PwSeVl7U+/2akOxKluJpXl1o=
=iKoS
-----END PGP SIGNATURE-----