DATABASE RESOURCES PRICING ABOUT US

{"id": "CVE-2020-8201", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2020-8201", "description": "Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names.", "published": "2020-09-18T21:15:00", "modified": "2022-05-24T17:24:00", "epss": [{"cve": "CVE-2020-8201", "epss": 0.00183, "percentile": 0.54287, "modified": "2023-06-06"}], "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 5.8}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 4.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH"}, "exploitabilityScore": 2.2, "impactScore": 5.2}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8201", "reporter": "support@hackerone.com", "references": ["https://hackerone.com/reports/922597", "https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/", "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00011.html", "https://security.netapp.com/advisory/ntap-20201009-0004/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/", "https://security.gentoo.org/glsa/202101-07"], "cvelist": ["CVE-2020-8201"], "immutableFields": [], "lastseen": "2023-06-06T15:03:26", "viewCount": 162, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:4272"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2020-8201"]}, {"type": "altlinux", "idList": ["141705310F680119414629D61232C397", "267015788547A7FA92F45445C0660023"]}, {"type": "amazon", "idList": ["ALAS2-2021-1581"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-8201"]}, {"type": "fedora", "idList": ["FEDORA:57FF33092F97"]}, {"type": "freebsd", "idList": ["4CA5894C-F7F1-11EA-8FF8-0022489AD614"]}, {"type": "gentoo", "idList": ["GLSA-202101-07"]}, {"type": "hackerone", "idList": ["H1:922597"]}, {"type": "ibm", "idList": ["0AD9F83B7953049F0E33084A7BEC3D55EB9EA5F9A97EBB65BE8B8CA0F39E4A23", "10301FF6336C952B90C3BF7CBE84C410CA8A9F2722C29F538BA2BF6C7FFD1A3C", "1119303B8319599145604A9A6BE49858F5B1EBDE75E0E27647D393CA6266C7F6", "18131D0BA650EF9B41DA93FCB8F2132161DB2CCC728DA0699E1EAA97DC50C9FA", "25A6C9E66F17216D58CDFA3F3A004ED3E98FB8EF07112896BA07716E088E1DAE", "4F727EC09488BA3419509F300A9AD0025F1245D7716544CE8751D7671913661B", "64ADFD088203597B59C398AB3DEF28DC4F72D37A4C48C7FA81C6531EDA6A9877", "6E156A9F23818EEB8BED9BD1CCA793D1E39ECA327F8731EDD8B312FDE05B0534", "7B0A9F47A8DDE29D9D046C44FDF481AAAE46C250D18595E90E3B2FD6919C01CE", "8887549C6F161BCC915CE1D3E4A9664CCF6B9D448CFED4C3CDB1B69DEC64DC56", "8FF3A63E35BBF2DC0FF818FE6BCEA38F72D22EEAE3E1C5E19B8EEB82EE8D6B68", "93427DA4CA2CD6F06C0F65C6C8A747924B9736924E6E55B544BEE8FF282D8045", "9580C73986356B38CDDF1344670EFAE6446ED3D7433AC78C8AD1CC5824EE67DB", "A3F0F73C564C34889CFF450428C9639D54138F1F9540F74320AAEC30CDBAF1C6", "AEFA58E0B299FCAB99F7C8D9EEE2E92FA51C6C59909F52D35CE3AA415C4C4F5D", "B1E750F05DC2133E8D51F675D3CBD67E8448BB183D36DC9052B6E9550A7CC5B5", "B7D409E9A403BA9F7B31027D06EA38DD15E5D87F56D21161B5BA8A2053445315", "CF4D2769585468C3B5E0B9EFC35497D9319CF1A37CE4E048AEFE10EBDD3CFDD4", "D09099104FD73909B7A17C8A562A046B31FE40ED451593AC739AE369D3E4A1F7", "D37EA0175408C99D13482136E01F3DFC84109D67FDDADB24C39F10A62CD75B86", "D841E600D8569B75D99F3956AFB7F96288D0453BD114E6F7D4F1F882CCD81720", "D86E7C6F72238274E058527933A79DBFB080B32C167FF20627B19173CA4A73F7", "DAF97345BBBA82476B8FE6C0BC8B87D125698ABD4CD30673CBD15CBFEC010F3D", "F0DEAA11864C79AB944778587F6E4E173522B7E2598E5D03BA63AD035A2ABBA7", "FB37F0F7CF6522CCB3B684C95B5F64BEC8DDF83F29BF1BF109AD27B6810731D6"]}, {"type": "ics", "idList": ["ICSA-22-111-03", "ICSA-22-242-01", "ICSA-22-242-02"]}, {"type": "nessus", "idList": ["AL2_ALAS-2021-1581.NASL", "CENTOS8_RHSA-2020-4272.NASL", "FEDORA_2020-43D5A372FC.NASL", "FREEBSD_PKG_4CA5894CF7F111EA8FF80022489AD614.NASL", "GENTOO_GLSA-202101-07.NASL", "NODEJS_2020_SEP.NASL", "OPENSUSE-2020-1616.NASL", "ORACLELINUX_ELSA-2020-4272.NASL", "REDHAT-RHSA-2020-4272.NASL", "REDHAT-RHSA-2020-4903.NASL", "REDHAT-RHSA-2020-5086.NASL", "SUSE_SU-2020-2812-1.NASL", "SUSE_SU-2020-2813-1.NASL"]}, {"type": "nodejsblog", "idList": ["NODEJSBLOG:SEPTEMBER-2020-SECURITY-RELEASES"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-4272"]}, {"type": "redhat", "idList": ["RHSA-2020:4272", "RHSA-2020:4903", "RHSA-2020:5086"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-8201"]}, {"type": "rocky", "idList": ["RLSA-2020:4272"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1616-1"]}, {"type": "threatpost", "idList": ["THREATPOST:136544A8850662645EB54E79AAB40F75"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-8201"]}, {"type": "veracode", "idList": ["VERACODE:27225"]}]}, "score": {"value": 1.4, "vector": "NONE"}, "twitter": {"counter": 3, "tweets": [{"link": "https://twitter.com/VulmonFeeds/status/1339011157374377984", "text": "CVE-2020-8201\n\nNode.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions,...\n\nhttps://t.co/9u40md78KV?amp=1"}, {"link": "https://twitter.com/micsieg/status/1356760925773180928", "text": "Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in Node.js.(CVE-2020-8201 CVE-2020-8251 CVE-2020-8252 )"}, {"link": "https://twitter.com/RemotelyAlerts/status/1529167725414666240", "text": "Severity: | Node.js < 12.18.4 and < 14.11 can be exp... | CVE-2020-8201 | Link for more: https://t.co/W9N0iEfU1R", "author": "RemotelyAlerts", "author_photo": "https://pbs.twimg.com/profile_images/1504104638949306370/YyoQGBiq_400x400.png"}]}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:4272"]}, {"type": "amazon", "idList": ["ALAS2-2021-1581"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-8201"]}, {"type": "fedora", "idList": ["FEDORA:57FF33092F97"]}, {"type": "freebsd", "idList": ["4CA5894C-F7F1-11EA-8FF8-0022489AD614"]}, {"type": "gentoo", "idList": ["GLSA-202101-07"]}, {"type": "hackerone", "idList": ["H1:922597"]}, {"type": "ibm", "idList": ["7B0A9F47A8DDE29D9D046C44FDF481AAAE46C250D18595E90E3B2FD6919C01CE", "CF4D2769585468C3B5E0B9EFC35497D9319CF1A37CE4E048AEFE10EBDD3CFDD4", "FB37F0F7CF6522CCB3B684C95B5F64BEC8DDF83F29BF1BF109AD27B6810731D6"]}, {"type": "nessus", "idList": ["AL2_ALAS-2021-1581.NASL", "CENTOS8_RHSA-2020-4272.NASL", "FREEBSD_PKG_4CA5894CF7F111EA8FF80022489AD614.NASL", "GENTOO_GLSA-202101-07.NASL", "ORACLELINUX_ELSA-2020-4272.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-4272"]}, {"type": "redhat", "idList": ["RHSA-2020:4272"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-8201"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1616-1"]}, {"type": "threatpost", "idList": ["THREATPOST:136544A8850662645EB54E79AAB40F75"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-8201"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "nodejs node.js", "version": 14}, {"name": "nodejs node.js", "version": 12}, {"name": "opensuse leap", "version": 15}, {"name": "fedoraproject fedora", "version": 33}]}, "epss": [{"cve": "CVE-2020-8201", "epss": 0.00166, "percentile": 0.51823, "modified": "2023-05-07"}], "vulnersScore": 1.4}, "_state": {"dependencies": 1686073041, "score": 1686064018, "twitter": 0, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "c40f7e722822f0deba0b3891783dd847"}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/o:fedoraproject:fedora:33", "cpe:/o:opensuse:leap:15.2"], "cpe23": ["cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"], "cwe": ["CWE-444"], "affectedSoftware": [{"cpeName": "nodejs:node.js", "version": "14.11.0", "operator": "lt", "name": "nodejs node.js"}, {"cpeName": "nodejs:node.js", "version": "12.18.4", "operator": "lt", "name": "nodejs node.js"}, {"cpeName": "opensuse:leap", "version": "15.2", "operator": "eq", "name": "opensuse leap"}, {"cpeName": "fedoraproject:fedora", "version": "33", "operator": "eq", "name": "fedoraproject fedora"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:nodejs:node.js:14.11.0:*:*:*:*:*:*:*", "versionStartIncluding": "14.0.0", "versionEndExcluding": "14.11.0", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:nodejs:node.js:12.18.4:*:*:*:lts:*:*:*", "versionStartIncluding": "12.0.0", "versionEndExcluding": "12.18.4", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://hackerone.com/reports/922597", "name": "https://hackerone.com/reports/922597", "refsource": "MISC", "tags": ["Permissions Required"]}, {"url": "https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/", "name": "https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/", "refsource": "MISC", "tags": ["Vendor Advisory"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00011.html", "name": "openSUSE-SU-2020:1616", "refsource": "SUSE", "tags": ["Third Party Advisory"]}, {"url": "https://security.netapp.com/advisory/ntap-20201009-0004/", "name": "https://security.netapp.com/advisory/ntap-20201009-0004/", "refsource": "CONFIRM", "tags": ["Third Party Advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/", "name": "FEDORA-2020-43d5a372fc", "refsource": "FEDORA", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://security.gentoo.org/glsa/202101-07", "name": "GLSA-202101-07", "refsource": "GENTOO", "tags": ["Third Party Advisory"]}], "product_info": [{"vendor": "Nodejs", "product": "Node.js"}, {"vendor": "Fedoraproject", "product": "Fedora"}, {"vendor": "Opensuse", "product": "Leap"}], "solutions": [], "workarounds": [], "impacts": [], "problemTypes": [{"descriptions": [{"cweId": "CWE-444", "description": "HTTP Request Smuggling (CWE-444)", "lang": "en", "type": "CWE"}]}], "exploits": [], "assigned": "1976-01-01T00:00:00"}

{"ubuntucve": [{"lastseen": "2023-09-14T19:28:58", "description": "Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync\nattacks and deliver malicious payloads to unsuspecting users. The payloads\ncan be crafted by an attacker to hijack user sessions, poison cookies,\nperform clickjacking, and a multitude of other attacks depending on the\narchitecture of the underlying system. The attack was possible due to a bug\nin processing of carrier-return symbols in the HTTP header names.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-09-18T00:00:00", "type": "ubuntucve", "title": "CVE-2020-8201", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8201"], "modified": "2020-09-18T00:00:00", "id": "UB:CVE-2020-8201", "href": "https://ubuntu.com/security/CVE-2020-8201", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "veracode": [{"lastseen": "2022-07-26T16:31:40", "description": "Node.js is vulnerable to clickjacking. An attacker can perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-09-24T10:39:21", "type": "veracode", "title": "Clickjacking Attack", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8201"], "modified": "2021-01-11T13:59:06", "id": "VERACODE:27225", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-27225/summary", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "alpinelinux": [{"lastseen": "2023-06-23T11:05:53", "description": "Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-09-18T21:15:00", "type": "alpinelinux", "title": "CVE-2020-8201", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8201"], "modified": "2022-05-24T17:24:00", "id": "ALPINE:CVE-2020-8201", "href": "https://security.alpinelinux.org/vuln/CVE-2020-8201", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "debiancve": [{"lastseen": "2023-06-06T14:57:42", "description": "Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-09-18T21:15:00", "type": "debiancve", "title": "CVE-2020-8201", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8201"], "modified": "2020-09-18T21:15:00", "id": "DEBIANCVE:CVE-2020-8201", "href": "https://security-tracker.debian.org/tracker/CVE-2020-8201", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "redhatcve": [{"lastseen": "2023-06-06T15:07:09", "description": "A flaw was found in Node.js, where affected Node.js versions converted carriage returns in HTTP request headers to a hyphen before parsing. This flaw leads to HTTP Request Smuggling as it is a non-standard interpretation of the header. The highest threat from this vulnerability is to confidentiality and integrity.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-09-16T02:18:28", "type": "redhatcve", "title": "CVE-2020-8201", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8201"], "modified": "2023-04-06T08:20:44", "id": "RH:CVE-2020-8201", "href": "https://access.redhat.com/security/cve/cve-2020-8201", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "hackerone": [{"lastseen": "2023-08-09T00:55:42", "bounty": 0.0, "description": "> NOTE! Thanks for submitting a report! Please replace *all* the [square] sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report!\n\n**Summary:** [add summary of the vulnerability]\nApparently, node.js converts CR in HTTP request headers to hyphen before parsing. This can lead to HTTP Request Smuggling as it is a non-standard interpretation of the header.\n\n**Description:** [add more details about this vulnerability]\nConsider an HTTP request with Content[CR]Length header . Suppose a proxy in front of node.js ignores the Content[CR]Length header (and therefore assumes a 0-length body). node, on the other hand, converts the CR to a hyphen and uses the value of the (newly formed...) Content-Length header. HTTP Request Smuggling ensues.\n\n## Steps To Reproduce:\nThis is the HTTP stream that demonstrates the vulnerability:\nGET / HTTP/1.1\nHost: www.example.com\nContent[CR]Length: 42\nConnection: Keep-Alive\n\nGET /proxy_sees_this HTTP/1.1\nSomething: GET /node_sees_this HTTP/1.1\nHost: www.example.com\n\nA proxy server that ignores the invalid Content[CR]Length header will assume that the body length is 0 (since there's no body length indication), and will thus transmit the stream up to (but not including) the GET /proxy_sees_this. It will wait for node to respond (which interestingly does happen, even though node.js does expect the body - perhaps on GET requests, the URL is invoked regardless of the body?), then the proxy forwards the second request (from its perspective) - the GET /proxy_sees_this. Node then silently discards the expected 42 bytes of the body of the first request, and thus starts parsing the 2nd request from GET /node_sees_this.\nHTTP Request Smuggling ensues.\n\n[Also, if you were able to find the piece of code responsible for this issue, please add a link to it in the source repository.]\n\n## Impact: [add why this issue matters]\nHTTP Request Smuggling can lead to web cache poisoning, session hijacking, cross site scripting, etc.\n\n## Supporting Material/References:\n\n * List any additional material (e.g. screenshots, logs, references, commits, code examples, etc.).\n\n## Impact\n\nHTTP Request Smuggling can lead to web cache poisoning, session hijacking, cross site scripting, etc.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-07-13T14:57:33", "type": "hackerone", "title": "Node.js: HTTP Request Smuggling due to CR-to-Hyphen conversion", "bulletinFamily": "bugbounty", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8201"], "modified": "2020-10-17T19:15:29", "id": "H1:922597", "href": "https://hackerone.com/reports/922597", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "ibm": [{"lastseen": "2023-02-27T21:48:26", "description": "## Summary\n\nNode.js (Update 15-Sept-2020) Security releases available\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-8201](<https://vulners.com/cve/CVE-2020-8201>) \n** DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted HTTP request headers, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188591](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188591>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2020-8252](<https://vulners.com/cve/CVE-2020-8252>) \n** DESCRIPTION: **Node.js is vulnerable to a buffer overflow, caused by improper bounds checking by the libuv's fs.realpath.native. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188593](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188593>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nAll supported versions (10.x, and 12.x) of Node.js are vulnerable.\n\n \nThrough the command-line Cloud Foundry client run the following command: \n \ncf ssh &lt;appname&gt; -c \u201ccat app/logs/staging_task.log\u201d | grep \u201cInstalling node\u201d \n\\-----&gt; Installing node 10.21.1\n\nAlternatively, through the command-line Cloud Foundry client run the following command:\n\n$ cf ssh &lt;appname&gt; -c \u201ccat app/logs/staging_task.log\u201d | grep \u201cIBM SDK for Node.js\u201d \n\\-----&gt; IBM SDK for Node.js Buildpack v4.5-20201130-1530\n\nIf the Buildpack version is not at least v4.5 your application may be vulnerable.\n\n \n\n\n## Remediation/Fixes\n\nThe fixes for these vulnerabilities are included in Node.js v10.22.1 and subsequent releases. \nThe fixes for these vulnerabilities are included in Node.js v12.18.4 and subsequent releases. \n\n \nTo upgrade to the latest version of the Node.js runtime, please specify the latest Node.js runtime in your package.json file for your application:\n\n\"engines\": { \n\"node\": \"10.*\" \n}, \nor \n\"engines\": { \n\"node\": \"12.*\" \n},\n\nYou will then need to restage (or re-push) your application using the IBM SDK for Node.js Buildpack v4.5.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-09T21:03:15", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities affect IBM\u00ae SDK for Node.js\u2122 in IBM Cloud", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8201", "CVE-2020-8252"], "modified": "2020-12-09T21:03:15", "id": "8FF3A63E35BBF2DC0FF818FE6BCEA38F72D22EEAE3E1C5E19B8EEB82EE8D6B68", "href": "https://www.ibm.com/support/pages/node/6380402", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-27T21:49:11", "description": "## Summary\n\nNode.js is vulnerable to HTTP request smuggling and to a buffer overflow which can affect IBM Spectrum Control.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-8201](<https://vulners.com/cve/CVE-2020-8201>) \n** DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted HTTP request headers, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188591](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188591>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2020-8252](<https://vulners.com/cve/CVE-2020-8252>) \n** DESCRIPTION: **Node.js is vulnerable to a buffer overflow, caused by improper bounds checking by the libuv's fs.realpath.native. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188593](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188593>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Spectrum Control| 5.3.0.1-5.4.0 \n \n\n\n## Remediation/Fixes\n\n** Release**| **First Fixing** \n**VRM Level**| ** Link to Fix** \n---|---|--- \n5.4.1| 5.4.1| <http://www.ibm.com/support/docview.wss?uid=swg21320822#53_0> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-05T09:09:59", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Node.js affect IBM Spectrum Control (CVE-2020-8201, CVE-2020-8252)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8201", "CVE-2020-8252"], "modified": "2020-11-05T09:09:59", "id": "1119303B8319599145604A9A6BE49858F5B1EBDE75E0E27647D393CA6266C7F6", "href": "https://www.ibm.com/support/pages/node/6359901", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-27T21:48:04", "description": "## Summary\n\nA security vulnerability in Node.js affects IBM Cloud Pak for Multicloud Management Managed Service and Infrastructure Management\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-8201](<https://vulners.com/cve/CVE-2020-8201>) \n** DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted HTTP request headers, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188591](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188591>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2020-8252](<https://vulners.com/cve/CVE-2020-8252>) \n** DESCRIPTION: **Node.js is vulnerable to a buffer overflow, caused by improper bounds checking by the libuv's fs.realpath.native. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188593](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188593>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Pak for Multicloud Management Infrastructure Management| 2.0 \nIBM Cloud Pak for Multicloud Management Infrastructure Management| 2.1 \n \n\n\n## Remediation/Fixes\n\nUpgrade to IBM Cloud Pak for Multicloud Management 2.2 by following the instructions in [https://www.ibm.com/support/knowledgecenter/en/SSFC4F_2.2.0/install/upgrade.html.](<https://www.ibm.com/support/knowledgecenter/en/SSFC4F_2.2.0/install/upgrade.html>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-15T17:52:41", "type": "ibm", "title": "Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Pak for Multicloud Management Managed Service and Infrastructure Management", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8201", "CVE-2020-8252"], "modified": "2020-12-15T17:52:41", "id": "25A6C9E66F17216D58CDFA3F3A004ED3E98FB8EF07112896BA07716E088E1DAE", "href": "https://www.ibm.com/support/pages/node/6382372", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-27T21:46:07", "description": "## Summary\n\nIBM Cloud Private is vulnerable to Node.js vulnerabilities\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-8201](<https://vulners.com/cve/CVE-2020-8201>) \n** DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted HTTP request headers, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188591](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188591>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2020-8252](<https://vulners.com/cve/CVE-2020-8252>) \n** DESCRIPTION: **Node.js is vulnerable to a buffer overflow, caused by improper bounds checking by the libuv's fs.realpath.native. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188593](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188593>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-8251](<https://vulners.com/cve/CVE-2020-8251>) \n** DESCRIPTION: **Node.js is vulnerable to a denial of service, caused by delayed unfinished HTTP/1.1 requests submission. An attacker could exploit this vulnerability to make the server unable to accept new connections and exhaust all available resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188592](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188592>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Private| 3.2.1 CD \nIBM Cloud Private| 3.2.2 CD \n \n\n\n## Remediation/Fixes\n\nProduct defect fixes and security updates are only available for the two most recent Continuous Delivery (CD) update packages \n\n * IBM Cloud Private 3.2.1\n * IBM Cloud Private 3.2.2\n\nFor IBM Cloud Private 3.2.1, apply fix pack:\n\n * [IBM Cloud Private 3.2.1.2012](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-3.2.1.2012-build600194-41235&includeSupersedes=0> \"IBM Cloud Private 3.2.1.2012\" )\n\nFor IBM Cloud Private 3.2.2, apply fix pack:\n\n * [IBM Cloud Private 3.2.2.2012](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-3.2.2.2012-build600195-41237&includeSupersedes=0> \"IBM Cloud Private 3.2.2.2012\" )\n\n \n\n\nFor IBM Cloud Private 3.1.0, 3.1.1, 3.1.2, 3.2.0:\n\n * Upgrade to the latest Continuous Delivery (CD) update package, IBM Cloud Private 3.2.2. \n * If required, individual product fixes can be made available between CD update packages for resolution of problems. Contact IBM support for assistance\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-26T15:33:36", "type": "ibm", "title": "Security Bulletin: IBM Cloud Private is vulnerable to Node.js vulnerabilities (CVE-2020-8201, CVE-2020-8252, CVE-2020-8251)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8201", "CVE-2020-8251", "CVE-2020-8252"], "modified": "2021-02-26T15:33:36", "id": "8887549C6F161BCC915CE1D3E4A9664CCF6B9D448CFED4C3CDB1B69DEC64DC56", "href": "https://www.ibm.com/support/pages/node/6417485", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-27T21:48:27", "description": "## Summary\n\nA potential vulnerability has been identified related to Node.js. Refer to details for additional information.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-8201](<https://vulners.com/cve/CVE-2020-8201>) \n** DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted HTTP request headers, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188591](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188591>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2020-8252](<https://vulners.com/cve/CVE-2020-8252>) \n** DESCRIPTION: **Node.js is vulnerable to a buffer overflow, caused by improper bounds checking by the libuv's fs.realpath.native. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188593](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188593>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-8251](<https://vulners.com/cve/CVE-2020-8251>) \n** DESCRIPTION: **Node.js is vulnerable to a denial of service, caused by delayed unfinished HTTP/1.1 requests submission. An attacker could exploit this vulnerability to make the server unable to accept new connections and exhaust all available resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188592](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188592>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nWA for ICP| 1.4.0, 1.4.1, 1.4.2 \n \n\n\n## Remediation/Fixes\n\nUpgrade to the latest (1.5.0) release of WA for CP4D which maintains backward compatibility with the versions listed above.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-09T16:31:01", "type": "ibm", "title": "Security Bulletin: Potential vulnerability with Node.js", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8201", "CVE-2020-8251", "CVE-2020-8252"], "modified": "2020-12-09T16:31:01", "id": "7B0A9F47A8DDE29D9D046C44FDF481AAAE46C250D18595E90E3B2FD6919C01CE", "href": "https://www.ibm.com/support/pages/node/6379130", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-27T21:48:15", "description": "## Summary\n\nIBM Cloud Transformation Advisor has addressed the following vulnerabilities: CVE-2020-8251, CVE-2020-8201, CVE-2020-8252\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-8251](<https://vulners.com/cve/CVE-2020-8251>) \n** DESCRIPTION: **Node.js is vulnerable to a denial of service, caused by delayed unfinished HTTP/1.1 requests submission. An attacker could exploit this vulnerability to make the server unable to accept new connections and exhaust all available resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188592](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188592>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8201](<https://vulners.com/cve/CVE-2020-8201>) \n** DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted HTTP request headers, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188591](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188591>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2020-8252](<https://vulners.com/cve/CVE-2020-8252>) \n** DESCRIPTION: **Node.js is vulnerable to a buffer overflow, caused by improper bounds checking by the libuv's fs.realpath.native. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188593](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188593>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Transformation Advisor| 2.3.0, 2.3.1 \n \n\n\n## Remediation/Fixes\n\nUpgrade to 2.4.0 or later. \n\nIBM Cloud Transformation Advisor can be installed from OperatorHub page in Red Hat OpenShift Container Platform or locally following this [link](<https://www.ibm.com/cloud/architecture/tutorials/install-ibm-transformation-advisor-local> \"link\" ).\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-14T15:16:30", "type": "ibm", "title": "Security Bulletin: IBM Cloud Transformation Advisor is affected by multiple Node.js vulnerabilities.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8201", "CVE-2020-8251", "CVE-2020-8252"], "modified": "2020-12-14T15:16:30", "id": "6E156A9F23818EEB8BED9BD1CCA793D1E39ECA327F8731EDD8B312FDE05B0534", "href": "https://www.ibm.com/support/pages/node/6381846", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-27T21:48:05", "description": "## Summary\n\nNetcool Operations Insight - Cloud Native Event Analytics has addressed the following vulnerability in Apache Commons Codec\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-8201](<https://vulners.com/cve/CVE-2020-8201>) \n** DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted HTTP request headers, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188591](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188591>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2020-8252](<https://vulners.com/cve/CVE-2020-8252>) \n** DESCRIPTION: **Node.js is vulnerable to a buffer overflow, caused by improper bounds checking by the libuv's fs.realpath.native. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188593](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188593>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-8251](<https://vulners.com/cve/CVE-2020-8251>) \n** DESCRIPTION: **Node.js is vulnerable to a denial of service, caused by delayed unfinished HTTP/1.1 requests submission. An attacker could exploit this vulnerability to make the server unable to accept new connections and exhaust all available resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188592](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188592>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nNetcool Operations Insight - Cloud Native Event Analytics| 1.6.x \n \n\n\n## Remediation/Fixes\n\nMove to IBM Netcool Operations Insight V1.6.3 on Red Hat OpenShift \n\n<https://www.ibm.com/support/knowledgecenter/en/SSTPTP_1.6.3/com.ibm.netcool_ops.doc/soc/integration/task/soc_int_upgrade_cloud.html>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-15T17:43:12", "type": "ibm", "title": "Security Bulletin: Netcool Operations Insight - Cloud Native Event Analytics is affected by an Apache Commons Codec vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8201", "CVE-2020-8251", "CVE-2020-8252"], "modified": "2020-12-15T17:43:12", "id": "18131D0BA650EF9B41DA93FCB8F2132161DB2CCC728DA0699E1EAA97DC50C9FA", "href": "https://www.ibm.com/support/pages/node/6382364", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-27T21:48:20", "description": "## Summary\n\nSecurity vulnerabilities have been reported for Node.js. IBM Business Automation Workflow and IBM BPM include a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-8201](<https://vulners.com/cve/CVE-2020-8201>) \n** DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted HTTP request headers, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188591](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188591>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2020-8252](<https://vulners.com/cve/CVE-2020-8252>) \n** DESCRIPTION: **Node.js is vulnerable to a buffer overflow, caused by improper bounds checking by the libuv's fs.realpath.native. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188593](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188593>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-8251](<https://vulners.com/cve/CVE-2020-8251>) \n** DESCRIPTION: **Node.js is vulnerable to a denial of service, caused by delayed unfinished HTTP/1.1 requests submission. An attacker could exploit this vulnerability to make the server unable to accept new connections and exhaust all available resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188592](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188592>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Business Automation Workflow| V20.0 \nV19.0 \nV18.0 \nIBM Business Process Manager| V8.6 \nV8.5 \n \nFor earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product.\n\n \n\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the Interim Fix (iFix) or Cumulative Fix (CF) containing APAR [JR62874](<https://www.ibm.com/support/docview.wss?uid=swg1JR62874> \"JR62874\" ) as soon as practical: \n\n * [IBM Business Automation Workflow](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+Business+Automation+Workflow&release=All&platform=All&function=aparId&apars=JR62874>) (including fix for IBM Business Process Manager V8.6.0.0 2018.03)\n * [IBM Business Process Manager Advanced](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Advanced&release=All&platform=All&function=aparId&apars=JR62874>)\n * [IBM Business Process Manager Standard](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Standard&release=All&platform=All&function=aparId&apars=JR62874>)\n * [IBM Business Process Manager Express](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Express&release=All&platform=All&function=aparId&apars=JR62874>)\n\nFor IBM Business Automation Workflow V18.0, V19.0, and V20.0 \n\u00b7 Upgrade to minimal cumulative fix levels as required by iFix and then apply iFix [JR62874](<https://www.ibm.com/support/docview.wss?uid=swg1JR62874> \"JR62874\" ) \n\\--OR-- \n\u00b7 Apply cumulative fix Business Automation Workflow V20.0.0.2 or later \n \nFor IBM Business Process Manager V8.6 \n\u00b7 Upgrade to minimal cumulative fix levels as required by iFix and then apply iFix [JR62874](<https://www.ibm.com/support/docview.wss?uid=swg1JR62874> \"JR62874\" ) \n\\--OR-- \n\u00b7 Upgrade to Business Automation Workflow V20.0.0.2 or later \n \nFor IBM BPM V8.5 \n\u00b7 Upgrade to IBM BPM V8.5.7, apply [Cumulative Fix 2017.06](<http://www.ibm.com/support/docview.wss?uid=swg24043591>) and then apply iFix [JR62874](<https://www.ibm.com/support/docview.wss?uid=swg1JR62874> \"JR62874\" ) \n\\--OR-- \n\u00b7 Upgrade to Business Automation Workflow V20.0.0.2 or later\n\n## Workarounds and Mitigations\n\n[IBM BPM Configuration Editor](<https://www.ibm.com/support/knowledgecenter/SS8JB4_20.x/com.ibm.wbpm.imuc.doc/topics/tcfg_edit_lin_db2.html>) is a stand-alone tool for editing properties file. Use a standard text file editor instead.\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-11T07:41:24", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in node.js may affect configuration editor used in IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-8201, CVE-2020-8252, CVE-2020-8251", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8201", "CVE-2020-8251", "CVE-2020-8252"], "modified": "2020-12-11T07:41:24", "id": "93427DA4CA2CD6F06C0F65C6C8A747924B9736924E6E55B544BEE8FF282D8045", "href": "https://www.ibm.com/support/pages/node/6381256", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-27T21:47:43", "description": "## Summary\n\nA vulnerability in Node.js used by IBM Netcool Agile Service Manager has been identified. Netcool Agile Service Manager has addressed the CVE.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-8201](<https://vulners.com/cve/CVE-2020-8201>) \n** DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted HTTP request headers, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188591](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188591>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2020-8252](<https://vulners.com/cve/CVE-2020-8252>) \n** DESCRIPTION: **Node.js is vulnerable to a buffer overflow, caused by improper bounds checking by the libuv's fs.realpath.native. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188593](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188593>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-8251](<https://vulners.com/cve/CVE-2020-8251>) \n** DESCRIPTION: **Node.js is vulnerable to a denial of service, caused by delayed unfinished HTTP/1.1 requests submission. An attacker could exploit this vulnerability to make the server unable to accept new connections and exhaust all available resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188592](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188592>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Netcool Agile Service Manager| 1.1 \n \n\n\n## Remediation/Fixes\n\nUpdate to IBM Netcool Agile Service Manager 1.1.10 \n\nTo install Netcool\u00ae Agile Service Manager Version 1.1.10, you download the installation images from IBM\u00ae Passport Advantage\u00ae. You then follow standard installation procedures, whether you install a new instance of Agile Service Manager, or upgrade an existing version.\n\nOCP version\n\n[Download IBM Watson AIOps](<https://www.ibm.com/support/pages/node/6254309>)\n\nDocker compose version:\n\n# [Download Netcool Agile Service Manager v1.1.10 (updated 11 December 2020)](<https://www.ibm.com/support/pages/node/589201> \"Download Netcool Agile Service Manager v1.1.10 \\(updated 11 December 2020\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-04T14:37:20", "type": "ibm", "title": "Security Bulletin: Vulnerability in Node.js affects IBM Netcool Agile Service Manager", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8201", "CVE-2020-8251", "CVE-2020-8252"], "modified": "2021-01-04T14:37:20", "id": "9580C73986356B38CDDF1344670EFAE6446ED3D7433AC78C8AD1CC5824EE67DB", "href": "https://www.ibm.com/support/pages/node/6395552", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-27T21:47:42", "description": "## Summary\n\nIBM Cloud Pak for Integration is vulnerable to Node.js CVE-2020-8251, CVE-2020-8201, and CVE-2020-8252, with details of each below.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-8201](<https://vulners.com/cve/CVE-2020-8201>) \n** DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted HTTP request headers, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188591](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188591>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2020-8251](<https://vulners.com/cve/CVE-2020-8251>) \n** DESCRIPTION: **Node.js is vulnerable to a denial of service, caused by delayed unfinished HTTP/1.1 requests submission. An attacker could exploit this vulnerability to make the server unable to accept new connections and exhaust all available resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188592](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188592>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8252](<https://vulners.com/cve/CVE-2020-8252>) \n** DESCRIPTION: **Node.js is vulnerable to a buffer overflow, caused by improper bounds checking by the libuv's fs.realpath.native. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188593](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188593>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nPlatform Navigator in IBM Cloud Pak for Integration (CP4I)| All prior to 2020.4 \nAsset Repository in IBM Cloud Pak for Integration (CP4I)| All prior to 2020.4 \n \n \n\n\n## Remediation/Fixes\n\n**Platform Navigator ****IBM Cloud Pak for Integration**\n\nUpgrade Platform Navigator to 2020.4.1.1-0 using the Operator upgrade process described in the Knowledge Center <https://www.ibm.com/support/knowledgecenter/SSGT7J_20.4/upgrade/upgrade_platform_navigator.html>\n\n**Asset Repository** **in IBM Cloud Pak for Integration**\n\nUpgrade Asset Repository to 2020.4.1.1-0 using the Operator upgrade process described in the Knowledge Center <https://www.ibm.com/support/knowledgecenter/SSGT7J_20.4/upgrade/upgrade_asset_repo.html>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-05T11:57:31", "type": "ibm", "title": "Security Bulletin: IBM Cloud Pak for Integration is affected by multiple Node.js vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8201", "CVE-2020-8251", "CVE-2020-8252"], "modified": "2021-01-05T11:57:31", "id": "D09099104FD73909B7A17C8A562A046B31FE40ED451593AC739AE369D3E4A1F7", "href": "https://www.ibm.com/support/pages/node/6397686", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-27T21:48:07", "description": "## Summary\n\nApp Connect Enterprise Certified Container when running Desginer flows may be vulnerable to Denial of Service via to CVE-2020-8237, HTTP request smuggling via CVE-2020-8201 or buffer overflows via CVE-2020-8252.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-8237](<https://vulners.com/cve/CVE-2020-8237>) \n** DESCRIPTION: **Node.js json-bigint module is vulnerable to a denial of service, caused by a prototype pollution flaw. By adding or modifying Object properties, a remote attacker could exploit this vulnerability cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188526](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188526>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8201](<https://vulners.com/cve/CVE-2020-8201>) \n** DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted HTTP request headers, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188591](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188591>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2020-8252](<https://vulners.com/cve/CVE-2020-8252>) \n** DESCRIPTION: **Node.js is vulnerable to a buffer overflow, caused by improper bounds checking by the libuv's fs.realpath.native. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188593](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188593>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nApp Connect Enterprise Certified Container| 1.0.0 with Operator \nApp Connect Enterprise Certified Container| 1.0.1 with Operator \nApp Connect Enterprise Certified Container| 1.0.2 with Operator \nApp Connect Enterprise Certified Container| 1.0.3 with Operator \nApp Connect Enterprise Certified Container| 1.0.4 with Operator \nApp Connect Enterprise Certified Container| 1.0.5 with Operator \n \n\n\n## Remediation/Fixes\n\nUpgrade to App Connect Enterprise Certified Container to Operator version 1.1.0 (available in CASE 1.1.0) or higher, and ensure that all components are upgraded to 11.0.0.10-r3 or higher.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-15T13:19:44", "type": "ibm", "title": "Security Bulletin: App Connect Enterprise Certified Container may be vulnerable to buffer overflows, Denial of Service or HTTP request smuggling", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8201", "CVE-2020-8237", "CVE-2020-8252"], "modified": "2020-12-15T13:19:44", "id": "D86E7C6F72238274E058527933A79DBFB080B32C167FF20627B19173CA4A73F7", "href": "https://www.ibm.com/support/pages/node/6382230", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-27T21:47:01", "description": "## Summary\n\nIBM API Connect has addressed the following vulnerability.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-8201](<https://vulners.com/cve/CVE-2020-8201>) \n** DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted HTTP request headers, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188591](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188591>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2020-8251](<https://vulners.com/cve/CVE-2020-8251>) \n** DESCRIPTION: **Node.js is vulnerable to a denial of service, caused by delayed unfinished HTTP/1.1 requests submission. An attacker could exploit this vulnerability to make the server unable to accept new connections and exhaust all available resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188592](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188592>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8252](<https://vulners.com/cve/CVE-2020-8252>) \n** DESCRIPTION: **Node.js is vulnerable to a buffer overflow, caused by improper bounds checking by the libuv's fs.realpath.native. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188593](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188593>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM API Connect| API Connect V10.0.1.0 \nIBM API Connect| V2018.4.1.0-2018.4.1.13 \n \n## Remediation/Fixes\n\n \n\n\nAffected Product| Addressed in VRMF| APAR| Remediation/First Fix \n---|---|---|--- \n \nIBM API Connect \n\nV2018.4.1.0-2018.4.1.13\n\n| 2018.4.1.15| \n\nLI81959\n\n| \n\nAddressed in IBM API Connect V2018.4.1.15.\n\nAll components are impacted.\n\nFollow this link and find the packages.\n\n[http://www.ibm.com/support/fixcentral/swg/quickorder](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=2018.4.1.13&platform=All&function=all&source=fc> \"http://www.ibm.com/support/fixcentral/swg/quickorder\" ) \n \nIBM API Connect \n\nV10.0.1.0\n\n| 10.0.1.1| \n\nLI81959\n\n| \n\nAddressed in IBM API Connect V10.0.1.1\n\nAll components are impacted.\n\nFollow this link and find the packages.\n\n \n\n\n[http://www.ibm.com/support/fixcentral/swg/quickorder](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=10.0.0.0&platform=All&function=all&source=fc> \"http://www.ibm.com/support/fixcentral/swg/quickorder\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-02T13:55:18", "type": "ibm", "title": "Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in Node.js.(CVE-2020-8201 CVE-2020-8251 CVE-2020-8252 )", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8201", "CVE-2020-8251", "CVE-2020-8252"], "modified": "2021-02-02T13:55:18", "id": "D841E600D8569B75D99F3956AFB7F96288D0453BD114E6F7D4F1F882CCD81720", "href": "https://www.ibm.com/support/pages/node/6410494", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-27T21:48:39", "description": "## Summary\n\nNode.js have released a security update that addresses several issues. It is recommended to upgrade the Node.js runtime.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-8201](<https://vulners.com/cve/CVE-2020-8201>) \n** DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted HTTP request headers, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188591](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188591>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2020-8252](<https://vulners.com/cve/CVE-2020-8252>) \n** DESCRIPTION: **Node.js is vulnerable to a buffer overflow, caused by improper bounds checking by the libuv's fs.realpath.native. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188593](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188593>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-8251](<https://vulners.com/cve/CVE-2020-8251>) \n** DESCRIPTION: **Node.js is vulnerable to a denial of service, caused by delayed unfinished HTTP/1.1 requests submission. An attacker could exploit this vulnerability to make the server unable to accept new connections and exhaust all available resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188592](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188592>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Streams Designer| CPD 2.5 \nIBM Streams Designer| CPD 3.0.0 \nIBM Streams Designer| CPD 3.0.1 \n \n\n\n## Remediation/Fixes\n\nUpgrade to IBM Cloud Pak for Data Streams Flows V3.5\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-30T17:10:32", "type": "ibm", "title": "Security Bulletin: Node.js upgrade for IBM Cloud Pak for Data Streams Flows", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8201", "CVE-2020-8251", "CVE-2020-8252"], "modified": "2020-11-30T17:10:32", "id": "D37EA0175408C99D13482136E01F3DFC84109D67FDDADB24C39F10A62CD75B86", "href": "https://www.ibm.com/support/pages/node/6373628", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-27T21:47:58", "description": "## Summary\n\nSecurity Bulletin: Version 12.18.0 of Node.js included in IBM Netcool Operations Insight 1.6.2.x has several security vulnerabilities\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-8251](<https://vulners.com/cve/CVE-2020-8251>) \n** DESCRIPTION: **Node.js is vulnerable to a denial of service, caused by delayed unfinished HTTP/1.1 requests submission. An attacker could exploit this vulnerability to make the server unable to accept new connections and exhaust all available resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188592](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188592>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8201](<https://vulners.com/cve/CVE-2020-8201>) \n** DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted HTTP request headers, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188591](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188591>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2020-8252](<https://vulners.com/cve/CVE-2020-8252>) \n** DESCRIPTION: **Node.js is vulnerable to a buffer overflow, caused by improper bounds checking by the libuv's fs.realpath.native. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188593](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188593>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Event Management on IBM Cloud Private| All \n \n\n\n## Remediation/Fixes\n\nIBM Netcool Operations Insight 1.6.3 includes the fix for this vulnerability. Please see IBM Support to upgrade to Netcool Operations Insight 1.6.3: <https://www.ibm.com/support/pages/node/6221238>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-17T11:52:59", "type": "ibm", "title": "Security Bulletin: Version 12.18.0 of Node.js included in IBM Netcool Operations Insight 1.6.2.x has several security vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8201", "CVE-2020-8251", "CVE-2020-8252"], "modified": "2020-12-17T11:52:59", "id": "AEFA58E0B299FCAB99F7C8D9EEE2E92FA51C6C59909F52D35CE3AA415C4C4F5D", "href": "https://www.ibm.com/support/pages/node/6386338", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-06-06T17:58:39", "description": "## Summary\n\nIBM Cloud Pak for Applications 4.3 nodejs and nodejs-express Appsody stacks is vulnerable to information disclosure, buffer overflow and prototype pollution exposures (CVE-2020-15095, CVE-2020-8116, CVE-2020-8201 and CVE-2020-8252). \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-15095](<https://vulners.com/cve/CVE-2020-15095>) \n** DESCRIPTION: **Node.js npm CLI module could allow a local attacker to obtain sensitive information, caused by the storing of user credentials in the log file. By persuading a victim to open a log file, an attacker could exploit this vulnerability to obtain user credentials. \nCVSS Base score: 4.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184666](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184666>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-8116](<https://vulners.com/cve/CVE-2020-8116>) \n** DESCRIPTION: **Node.js dot-prop could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175850](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175850>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-8201](<https://vulners.com/cve/CVE-2020-8201>) \n** DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted HTTP request headers, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188591](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188591>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2020-8252](<https://vulners.com/cve/CVE-2020-8252>) \n** DESCRIPTION: **Node.js is vulnerable to a buffer overflow, caused by improper bounds checking by the libuv&amp;#39;s fs.realpath.native. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188593](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188593>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Pak for Applications| 4.3 \n \n\n\n## Remediation/Fixes\n\nTo remove the security vulnerability exposure, use the new nodejs and nodejs-express stacks in IBM Cloud Pak for Applications, change the stack hub repository for your kabanero resource. For example, \"oc edit kabanero kabanero\" and change the url for the repsitory: \n\napiVersion: kabanero.io/v1alpha2 \nkind: Kabanero \nmetadata: \nname: kabanero \nnamespace: kabanero \nspec: \n... \nrepositories: \n\\- gitRelease: {} \nhttps: \nurl: <https://github.com/icp4apps/stack-hub/releases/download/0.22.1/icp4apps-stack-hub-index.yaml>\n\nThis configuration change will pick up the new nodejs and nodejs-express stacks located at: <https://github.com/kabanero-io/collections/releases/tag/0.10.4>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-08T00:42:15", "type": "ibm", "title": "Security Bulletin: IBM Cloud Pak for Applications 4.3 nodejs and nodejs-express Appsody stacks is vulnerable to information disclosure, buffer overflow and prototype pollution exposures", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15095", "CVE-2020-8116", "CVE-2020-8201", "CVE-2020-8252"], "modified": "2021-06-08T00:42:15", "id": "A3F0F73C564C34889CFF450428C9639D54138F1F9540F74320AAEC30CDBAF1C6", "href": "https://www.ibm.com/support/pages/node/6461891", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-06T17:55:51", "description": "## Summary\n\nNode.js as used by IBM Security QRadar Packet Capture contains multiple vulnerabilities.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-8201](<https://vulners.com/cve/CVE-2020-8201>) \n** DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted HTTP request headers, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188591](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188591>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2020-8252](<https://vulners.com/cve/CVE-2020-8252>) \n** DESCRIPTION: **Node.js is vulnerable to a buffer overflow, caused by improper bounds checking by the libuv's fs.realpath.native. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188593](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188593>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-8251](<https://vulners.com/cve/CVE-2020-8251>) \n** DESCRIPTION: **Node.js is vulnerable to a denial of service, caused by delayed unfinished HTTP/1.1 requests submission. An attacker could exploit this vulnerability to make the server unable to accept new connections and exhaust all available resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188592](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188592>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8277](<https://vulners.com/cve/CVE-2020-8277>) \n** DESCRIPTION: **Node.js is vulnerable to a denial of service. By getting the application to resolve a DNS record with a larger number of responses, an attacker could exploit this vulnerability to trigger a DNS request for a host of their choice resulting in a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191755](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191755>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nIBM QRadar Network Packet Capture 7.3.0 - 7.3.3 Fix Pack 7\n\nIBM QRadar Network Packet Capture 7.4.0 - 7.4.3 Fix Pack 1\n\n \n\n\n## Remediation/Fixes\n\n[IBM QRadar Network Packet Capture 7.3.3 Patch 8](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+QRadar+Network+Packet+Capture+Appliance&release=All&platform=Linux&function=fixId&fixids=7.3.3-QRadar-NETPCAP-Upgrade-20&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"IBM QRadar Network Packet Capture\u00a0 7.3.3 Patch 8\" )\n\n[IBM QRadar Network Packet Capture 7.4.3 Patch 2](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+QRadar+Network+Packet+Capture+Appliance&release=All&platform=Linux&function=fixId&fixids=7.4.3-QRadar-NETPCAP-Upgrade-1304&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"IBM QRadar Network Packet Capture\u00a0 7.4.3 Patch 2\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-10-07T18:16:53", "type": "ibm", "title": "Security Bulletin: Node.js as used by IBM Security QRadar Packet Capture contains multiple vulnerabilities (CVE-2020-8201, CVE-2020-8252, CVE-2020-8251, CVE-2020-8277)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8201", "CVE-2020-8251", "CVE-2020-8252", "CVE-2020-8277"], "modified": "2021-10-07T18:16:53", "id": "B1E750F05DC2133E8D51F675D3CBD67E8448BB183D36DC9052B6E9550A7CC5B5", "href": "https://www.ibm.com/support/pages/node/6497219", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-05-27T18:00:11", "description": "## Summary\n\nSecurity Vulnerabilities affect IBM Cloud Pak for Data - Node.js\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-8237](<https://vulners.com/cve/CVE-2020-8237>) \n** DESCRIPTION: **Node.js json-bigint module is vulnerable to a denial of service, caused by a prototype pollution flaw. By adding or modifying Object properties, a remote attacker could exploit this vulnerability cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188526](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188526>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8158](<https://vulners.com/cve/CVE-2020-8158>) \n** DESCRIPTION: **Node.js TypeORM module is vulnerable to a denial of service, caused by a prototype pollution flaw. By adding or modifying Object properties, a remote attacker could exploit this vulnerability cause a denial of service condition or SQL injection attacks. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188521](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188521>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-8251](<https://vulners.com/cve/CVE-2020-8251>) \n** DESCRIPTION: **Node.js is vulnerable to a denial of service, caused by delayed unfinished HTTP/1.1 requests submission. An attacker could exploit this vulnerability to make the server unable to accept new connections and exhaust all available resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188592](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188592>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8201](<https://vulners.com/cve/CVE-2020-8201>) \n** DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted HTTP request headers, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188591](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188591>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2020-8252](<https://vulners.com/cve/CVE-2020-8252>) \n** DESCRIPTION: **Node.js is vulnerable to a buffer overflow, caused by improper bounds checking by the libuv's fs.realpath.native. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188593](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188593>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nCP4D| 3.0.1 \n \n\n\n## Remediation/Fixes\n\n * Patch: \n<https://www.ibm.com/support/pages/node/6327429> \n\n\n * Users of IBM Cloud Pak for Data V3.0.1 are advised to: \nApply IBM Cloud Pak for Data V3.0.1 cpd-3.0.1-lite-patch-7\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-14T18:46:58", "type": "ibm", "title": "Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data - Node.js", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8158", "CVE-2020-8201", "CVE-2020-8237", "CVE-2020-8251", "CVE-2020-8252"], "modified": "2021-05-14T18:46:58", "id": "CF4D2769585468C3B5E0B9EFC35497D9319CF1A37CE4E048AEFE10EBDD3CFDD4", "href": "https://www.ibm.com/support/pages/node/6453411", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:48:39", "description": "## Summary\n\nNode.js have released a security update that addresses several issues. It is recommended to upgrade the Node.js runtime.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-8237](<https://vulners.com/cve/CVE-2020-8237>) \n** DESCRIPTION: **Node.js json-bigint module is vulnerable to a denial of service, caused by a prototype pollution flaw. By adding or modifying Object properties, a remote attacker could exploit this vulnerability cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188526](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188526>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8158](<https://vulners.com/cve/CVE-2020-8158>) \n** DESCRIPTION: **Node.js TypeORM module is vulnerable to a denial of service, caused by a prototype pollution flaw. By adding or modifying Object properties, a remote attacker could exploit this vulnerability cause a denial of service condition or SQL injection attacks. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188521](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188521>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-8251](<https://vulners.com/cve/CVE-2020-8251>) \n** DESCRIPTION: **Node.js is vulnerable to a denial of service, caused by delayed unfinished HTTP/1.1 requests submission. An attacker could exploit this vulnerability to make the server unable to accept new connections and exhaust all available resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188592](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188592>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8201](<https://vulners.com/cve/CVE-2020-8201>) \n** DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted HTTP request headers, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188591](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188591>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2020-8252](<https://vulners.com/cve/CVE-2020-8252>) \n** DESCRIPTION: **Node.js is vulnerable to a buffer overflow, caused by improper bounds checking by the libuv's fs.realpath.native. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188593](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188593>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Streams Designer| CPD 2.5 \nIBM Streams Designer| CPD 3.0.0 \nIBM Streams Designer| CPD 3.0.1 \n \n\n\n## Remediation/Fixes\n\nUpgrade to IBM Cloud Pak for Data Streams Flows V3.5\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-30T16:40:26", "type": "ibm", "title": "Security Bulletin: Node.js upgrade for IBM Cloud Pak for Data Streams Flows", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8158", "CVE-2020-8201", "CVE-2020-8237", "CVE-2020-8251", "CVE-2020-8252"], "modified": "2020-11-30T16:40:26", "id": "0AD9F83B7953049F0E33084A7BEC3D55EB9EA5F9A97EBB65BE8B8CA0F39E4A23", "href": "https://www.ibm.com/support/pages/node/6373618", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:46:18", "description": "## Summary\n\nThe Planning Analytics Workspace component of IBM Planning Analytics is affected by vulnerabilities . These have been addressed in IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 61.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2020-8201](<https://vulners.com/cve/CVE-2020-8201>) \n**DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted HTTP request headers, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188591](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188591>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n**CVEID: **[CVE-2020-8251](<https://vulners.com/cve/CVE-2020-8251>) \n**DESCRIPTION: **Node.js is vulnerable to a denial of service, caused by delayed unfinished HTTP/1.1 requests submission. An attacker could exploit this vulnerability to make the server unable to accept new connections and exhaust all available resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188592](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188592>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2020-8252](<https://vulners.com/cve/CVE-2020-8252>) \n**DESCRIPTION: **Node.js is vulnerable to a buffer overflow, caused by improper bounds checking by the libuv's fs.realpath.native. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188593](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188593>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2020-25649](<https://vulners.com/cve/CVE-2020-25649>) \n**DESCRIPTION: **FasterXML Jackson Databind could provide weaker than expected security, caused by not having entity expansion secured properly. A remote attacker could exploit this vulnerability to launch XML external entity (XXE) attacks to have impact over data integrity. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192648](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192648>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID: **[CVE-2020-4953](<https://vulners.com/cve/CVE-2020-4953>) \n**DESCRIPTION: **IBM Planning Analytics Workspace could allow a remote authenticated attacker to obtain information about an organization's internal structure by exposing sensitive information in HTTP repsonses. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192029](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192029>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Planning Analytics 2.0 Local and Cloud\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix as soon as practical.\n\n[Download IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 61 from Fix Central.](<https://www.ibm.com/support/pages/node/6406298> \"Download IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 61 from Fix Central.\" )\n\nThis Security Bulletin is applicable to IBM Planning Analytics 2.0 (Local).\n\nAll applicable vulnerabilities have been addressed on IBM Planning Analytics Cloud and no further action is required.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-22T16:30:54", "type": "ibm", "title": "Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25649", "CVE-2020-4953", "CVE-2020-8201", "CVE-2020-8251", "CVE-2020-8252"], "modified": "2021-02-22T16:30:54", "id": "FB37F0F7CF6522CCB3B684C95B5F64BEC8DDF83F29BF1BF109AD27B6810731D6", "href": "https://www.ibm.com/support/pages/node/6412707", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-27T21:48:05", "description": "## Summary\n\nNetcool Operations Insight - Cloud Native Event Analytics has addressed the following vulnerability in Apache Commons Codec\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-8237](<https://vulners.com/cve/CVE-2020-8237>) \n** DESCRIPTION: **Node.js json-bigint module is vulnerable to a denial of service, caused by a prototype pollution flaw. By adding or modifying Object properties, a remote attacker could exploit this vulnerability cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188526](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188526>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8158](<https://vulners.com/cve/CVE-2020-8158>) \n** DESCRIPTION: **Node.js TypeORM module is vulnerable to a denial of service, caused by a prototype pollution flaw. By adding or modifying Object properties, a remote attacker could exploit this vulnerability cause a denial of service condition or SQL injection attacks. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188521](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188521>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-8251](<https://vulners.com/cve/CVE-2020-8251>) \n** DESCRIPTION: **Node.js is vulnerable to a denial of service, caused by delayed unfinished HTTP/1.1 requests submission. An attacker could exploit this vulnerability to make the server unable to accept new connections and exhaust all available resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188592](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188592>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8201](<https://vulners.com/cve/CVE-2020-8201>) \n** DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted HTTP request headers, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188591](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188591>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2020-8252](<https://vulners.com/cve/CVE-2020-8252>) \n** DESCRIPTION: **Node.js is vulnerable to a buffer overflow, caused by improper bounds checking by the libuv's fs.realpath.native. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188593](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188593>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nNetcool Operations Insight - Cloud Native Event Analytics| 1.6.x \n \n\n\n## Remediation/Fixes\n\nMove to IBM Netcool Operations Insight V1.6.3 on Red Hat OpenShift \n\n<https://www.ibm.com/support/knowledgecenter/en/SSTPTP_1.6.3/com.ibm.netcool_ops.doc/soc/integration/task/soc_int_upgrade_cloud.html>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-15T17:42:17", "type": "ibm", "title": "Security Bulletin: Netcool Operations Insight - Cloud Native Event Analytics is affected by an Apache Commons Codec vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8158", "CVE-2020-8201", "CVE-2020-8237", "CVE-2020-8251", "CVE-2020-8252"], "modified": "2020-12-15T17:42:17", "id": "DAF97345BBBA82476B8FE6C0BC8B87D125698ABD4CD30673CBD15CBFEC010F3D", "href": "https://www.ibm.com/support/pages/node/6382360", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:47:29", "description": "## Summary\n\nIBM Event Streams is affected by the following vulnerabilities in the included Node.js runtime that is used for the UI and Schema Registry\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-8277](<https://vulners.com/cve/CVE-2020-8277>) \n** DESCRIPTION: **Node.js is vulnerable to a denial of service. By getting the application to resolve a DNS record with a larger number of responses, an attacker could exploit this vulnerability to trigger a DNS request for a host of their choice resulting in a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191755](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191755>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8201](<https://vulners.com/cve/CVE-2020-8201>) \n** DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted HTTP request headers, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188591](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188591>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2020-8252](<https://vulners.com/cve/CVE-2020-8252>) \n** DESCRIPTION: **Node.js is vulnerable to a buffer overflow, caused by improper bounds checking by the libuv's fs.realpath.native. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188593](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188593>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-8251](<https://vulners.com/cve/CVE-2020-8251>) \n** DESCRIPTION: **Node.js is vulnerable to a denial of service, caused by delayed unfinished HTTP/1.1 requests submission. An attacker could exploit this vulnerability to make the server unable to accept new connections and exhaust all available resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188592](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188592>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8237](<https://vulners.com/cve/CVE-2020-8237>) \n** DESCRIPTION: **Node.js json-bigint module is vulnerable to a denial of service, caused by a prototype pollution flaw. By adding or modifying Object properties, a remote attacker could exploit this vulnerability cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188526](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188526>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8158](<https://vulners.com/cve/CVE-2020-8158>) \n** DESCRIPTION: **Node.js TypeORM module is vulnerable to a denial of service, caused by a prototype pollution flaw. By adding or modifying Object properties, a remote attacker could exploit this vulnerability cause a denial of service condition or SQL injection attacks. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188521](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188521>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Event Streams| 2019.2.1 \n \nIBM Event Streams\n\n| \n\n2019.4.x \n \nIBM Event Streams in IBM Cloud Pak for Integration\n\n| 10.x \n \n\n\n## Remediation/Fixes\n\nUpgrade to IBM Event Streams 10.2.0 by following the [upgrading and migrating](<https://ibm.github.io/event-streams/installing/upgrading/> \"upgrading and migrating\" ) documentation.\n\nUpgrade from IBM Event Streams 2019.2.1 and 2019.4.x to the [latest Fix Pack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/IBM+Event+Streams&release=2019.4.1&platform=All&function=fixId&fixids=*IBM-Event-Streams*> \"latest Fix Pack\" ).\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-15T14:41:11", "type": "ibm", "title": "Security Bulletin: IBM Event Streams is affected by multiple Node.js vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8158", "CVE-2020-8201", "CVE-2020-8237", "CVE-2020-8251", "CVE-2020-8252", "CVE-2020-8277"], "modified": "2021-01-15T14:41:11", "id": "10301FF6336C952B90C3BF7CBE84C410CA8A9F2722C29F538BA2BF6C7FFD1A3C", "href": "https://www.ibm.com/support/pages/node/6395504", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:48:30", "description": "## Summary\n\nIBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-8237](<https://vulners.com/cve/CVE-2020-8237>) \n** DESCRIPTION: **Node.js json-bigint module is vulnerable to a denial of service, caused by a prototype pollution flaw. By adding or modifying Object properties, a remote attacker could exploit this vulnerability cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188526](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188526>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8158](<https://vulners.com/cve/CVE-2020-8158>) \n** DESCRIPTION: **Node.js TypeORM module is vulnerable to a denial of service, caused by a prototype pollution flaw. By adding or modifying Object properties, a remote attacker could exploit this vulnerability cause a denial of service condition or SQL injection attacks. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188521](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188521>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-8251](<https://vulners.com/cve/CVE-2020-8251>) \n** DESCRIPTION: **Node.js is vulnerable to a denial of service, caused by delayed unfinished HTTP/1.1 requests submission. An attacker could exploit this vulnerability to make the server unable to accept new connections and exhaust all available resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188592](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188592>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8201](<https://vulners.com/cve/CVE-2020-8201>) \n** DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted HTTP request headers, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188591](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188591>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2020-8252](<https://vulners.com/cve/CVE-2020-8252>) \n** DESCRIPTION: **Node.js is vulnerable to a buffer overflow, caused by improper bounds checking by the libuv's fs.realpath.native. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188593](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188593>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-7708](<https://vulners.com/cve/CVE-2020-7708>) \n** DESCRIPTION: **Node.js irrelon-path and @irrelon/path modules could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution in the set, unSet, pushVal and pullVal functions. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186917](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186917>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-7706](<https://vulners.com/cve/CVE-2020-7706>) \n** DESCRIPTION: **Node.js connie-lang module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution in the configuration language library. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186913](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186913>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-7707](<https://vulners.com/cve/CVE-2020-7707>) \n** DESCRIPTION: **Node.js property-expr module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution in the setter function. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186916](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186916>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-15168](<https://vulners.com/cve/CVE-2020-15168>) \n** DESCRIPTION: **Node.js node-fetch module is vulnerable to a denial of service, caused by the failure to honor the size option after following a redirect. By using a specially-crafted file, a remote attacker could exploit this vulnerability to consume excessive resource on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188155](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188155>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nICP - Discovery| 2.0.0-2.1.4 \n \n\n\n## Remediation/Fixes\n\nUpgrade to IBM Watson Discovery 2.2.0 \n \n<https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-09T04:41:37", "type": "ibm", "title": "Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15168", "CVE-2020-7706", "CVE-2020-7707", "CVE-2020-7708", "CVE-2020-8158", "CVE-2020-8201", "CVE-2020-8237", "CVE-2020-8251", "CVE-2020-8252"], "modified": "2020-12-09T04:41:37", "id": "4F727EC09488BA3419509F300A9AD0025F1245D7716544CE8751D7671913661B", "href": "https://www.ibm.com/support/pages/node/6364969", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:44:34", "description": "## Summary\n\nMuiltiple vulnerabilities in Node.js that is used by IBM InfoSphere Information Server were addressed.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-22884](<https://vulners.com/cve/CVE-2021-22884>) \n**DESCRIPTION: **Node.js is vulnerable to a denial of service, caused by an error when the allowlist includes \"localhost6\". By controlling the victim's DNS server or spoofing its responses, an attacker could exploit this vulnerability to bypass the DNS rebinding protection mechanism using the \"localhost6\" domain and cause a denial of service. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197191](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197191>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H) \n \n**CVEID: **[CVE-2021-22883](<https://vulners.com/cve/CVE-2021-22883>) \n**DESCRIPTION: **Node.js is vulnerable to a denial of service, caused by a file descriptor leak. By making multiple attempts to connect with an 'unknownProtocol', an attacker could exploit this vulnerability to lead to an excessive memory usage and cause the system to run out of memory. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197190](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197190>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2021-23840](<https://vulners.com/cve/CVE-2021-23840>) \n**DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate. By sending an overly long argument, an attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196848](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196848>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2020-8201](<https://vulners.com/cve/CVE-2020-8201>) \n**DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted HTTP request headers, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188591](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188591>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n**CVEID: **[CVE-2020-8252](<https://vulners.com/cve/CVE-2020-8252>) \n**DESCRIPTION: **Node.js is vulnerable to a buffer overflow, caused by improper bounds checking by the libuv's fs.realpath.native. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188593](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188593>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2020-8265](<https://vulners.com/cve/CVE-2020-8265>) \n**DESCRIPTION: **Node.js is vulnerable to a denial of service, caused by a use-after-free in TLSWrap within the TLS implementation. By writing to a TLS enabled socket, an attacker could exploit this vulnerability to corrupt memory and cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194101](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194101>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2020-8287](<https://vulners.com/cve/CVE-2020-8287>) \n**DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling. By sending specially crafted HTTP request headers, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194100](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194100>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n**CVEID: **[CVE-2020-1971](<https://vulners.com/cve/CVE-2020-1971>) \n**DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If the GENERAL_NAME_cmp function contain an EDIPARTYNAME, an attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192748](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192748>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2020-8277](<https://vulners.com/cve/CVE-2020-8277>) \n**DESCRIPTION: **Node.js is vulnerable to a denial of service. By getting the application to resolve a DNS record with a larger number of responses, an attacker could exploit this vulnerability to trigger a DNS request for a host of their choice resulting in a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191755](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191755>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nInfoSphere Information Server | 11.7 \n \n## Remediation/Fixes\n\n_Product_ | _VRMF_ | _APAR_ | _Remediation/First Fix_ \n---|---|---|--- \nInfoSphere Information Server, Information Server on Cloud | 11.7 | [JR63313](<http://www.ibm.com/support/docview.wss?uid=swg1JR63313> \"JR63313\" ) | \\--Apply IBM InfoSphere Information Server version [11.7.1.0](<https://www.ibm.com/support/pages/node/878310>) \n \n\\--Apply IBM InfoSphere Information Server version [11.7.1.1](<https://www.ibm.com/support/pages/node/6209196> \"11.7.1.1\" ) \n\\--Apply IBM Information Server version [11.7.1.1 Service Pack 1](<https://www.ibm.com/support/pages/node/6438057> \"11.7.1.1 Service Pack 1\" ) \n \nFor Red Hat 8 installations, contact IBM Customer support. \n \n**Contact Technical Support:**\n\nIn the United States and Canada dial **1-800-IBM-SERV** \nView the support [contacts for other countries](<http://www.ibm.com/planetwide/> \"contacts for other countries\" ) outside of the United States. \nElectronically [open a Service Request](<http://www.ibm.com/software/support/probsub.html> \"open a Service Request\" ) with Information Server Technical Support.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-01T22:28:12", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Node.js affect IBM InfoSphere Information Server", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1971", "CVE-2020-8201", "CVE-2020-8252", "CVE-2020-8265", "CVE-2020-8277", "CVE-2020-8287", "CVE-2021-22883", "CVE-2021-22884", "CVE-2021-23840"], "modified": "2021-04-01T22:28:12", "id": "B7D409E9A403BA9F7B31027D06EA38DD15E5D87F56D21161B5BA8A2053445315", "href": "https://www.ibm.com/support/pages/node/6437245", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-27T21:47:55", "description": "## Summary\n\nThe vulnerabilities are related to the WebSphere Liberty server, to Node.js runtime and modules and to other open source packages.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-7619](<https://vulners.com/cve/CVE-2019-7619>) \n**DESCRIPTION: **Elastic Elasticsearch could allow a remote attacker to obtain sensitive information, caused by a flaw in the API Key service. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain username information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/170656](<https://exchange.xforce.ibmcloud.com/vulnerabilities/170656>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2020-7014](<https://vulners.com/cve/CVE-2020-7014>) \n**DESCRIPTION: **Elastic Elasticsearch ould allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper access control. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to generate authentication token with elevated privileges. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182943](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182943>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) \n \n**CVEID: **[CVE-2020-7009](<https://vulners.com/cve/CVE-2020-7009>) \n**DESCRIPTION: **Elastic Elasticsearch could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the authentication API key. An attacker could exploit this vulnerability to escalate privileges. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178916](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178916>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2020-4590](<https://vulners.com/cve/CVE-2020-4590>) \n**DESCRIPTION: **IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is vulnerable to a denial of service attack conducted by an authenticated client. IBM X-Force ID: 184650. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184650](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184650>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2020-8251](<https://vulners.com/cve/CVE-2020-8251>) \n**DESCRIPTION: **Node.js is vulnerable to a denial of service, caused by delayed unfinished HTTP/1.1 requests submission. An attacker could exploit this vulnerability to make the server unable to accept new connections and exhaust all available resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188592](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188592>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2020-8201](<https://vulners.com/cve/CVE-2020-8201>) \n**DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted HTTP request headers, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188591](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188591>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n**CVEID: **[CVE-2020-8252](<https://vulners.com/cve/CVE-2020-8252>) \n**DESCRIPTION: **Node.js is vulnerable to a buffer overflow, caused by improper bounds checking by the libuv's fs.realpath.native. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188593](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188593>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2020-10693](<https://vulners.com/cve/CVE-2020-10693>) \n**DESCRIPTION: **Hibernate Hibernate Validator could allow a remote attacker to bypass security restrictions, caused by a flaw in the message interpolation processor. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass input sanitation controls when handling user-controlled data in error messages. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182240](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182240>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID: **[CVE-2020-8244](<https://vulners.com/cve/CVE-2020-8244>) \n**DESCRIPTION: **Node.js bl module could allow a remote attacker to obtain sensitive information, caused by a buffer over-read flaw in the consume function. By sending a specially-crafted argument, an attacker could exploit this vulnerability to obtain sensitive information, or cause a denial of service condition. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/187518](<https://exchange.xforce.ibmcloud.com/vulnerabilities/187518>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L) \n \n**CVEID: **[CVE-2020-13822](<https://vulners.com/cve/CVE-2020-13822>) \n**DESCRIPTION: **Elliptic package for Node.js could allow a remote attacker to gain elevated privileges on the system. By using variations in encoding, leading '\\0' bytes, or integer overflows, an attacker could exploit this vulnerability to allow ECDSA signature malleability and elevated privileges on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184099](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184099>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2020-15168](<https://vulners.com/cve/CVE-2020-15168>) \n**DESCRIPTION: **Node.js node-fetch module is vulnerable to a denial of service, caused by the failure to honor the size option after following a redirect. By using a specially-crafted file, a remote attacker could exploit this vulnerability to consume excessive resource on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188155](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188155>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**Third Party Entry: **177309 \n**DESCRIPTION: **Node.js acorn module denial of service \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/177309 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177309>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Cloud Pak for Automation | 20.0.2 IF002 \nIBM Cloud Pak for Automation | 20.0.1 \n \n## Remediation/Fixes\n\n[Upgrade to IBM Cloud Pak for Automation 20.0.3](<https://www.ibm.com/support/pages/ibm-cloud-pak-automation-2003-download-document>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-18T15:33:49", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in middleware software affect IBM Cloud Pak for Automation", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7619", "CVE-2020-10693", "CVE-2020-13822", "CVE-2020-15168", "CVE-2020-4590", "CVE-2020-7009", "CVE-2020-7014", "CVE-2020-8201", "CVE-2020-8244", "CVE-2020-8251", "CVE-2020-8252"], "modified": "2020-12-18T15:33:49", "id": "F0DEAA11864C79AB944778587F6E4E173522B7E2598E5D03BA63AD035A2ABBA7", "href": "https://www.ibm.com/support/pages/node/6382878", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:48:48", "description": "## Summary\n\nMultiple vulnerabilities in jQuery, Spring, Dom4j, MongoDB, Linux Kernel, Targetcli-fb, Jackson, Node.js, and Apache Commons affect IBM Spectrum Protect Plus.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-5408](<https://vulners.com/cve/CVE-2020-5408>) \n** DESCRIPTION: **VMware Tanzu Spring Security could allow a remote attacker to obtain sensitive information, caused by the use of a fixed null initialization vector with CBC Mode. By using dictionary attack techniques, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181969](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181969>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-14062](<https://vulners.com/cve/CVE-2020-14062>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183425](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183425>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-14061](<https://vulners.com/cve/CVE-2020-14061>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183424](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183424>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-14060](<https://vulners.com/cve/CVE-2020-14060>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183422](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183422>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-24750](<https://vulners.com/cve/CVE-2020-24750>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188470](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188470>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H) \n \n** CVEID: **[CVE-2020-7921](<https://vulners.com/cve/CVE-2020-7921>) \n** DESCRIPTION: **MongoDB Server could allow a remote authenticated attacker to bypass security restrictions, caused by improper serialization of internal state in the authorization subsystem. An attacker could exploit this vulnerability to bypass IP allowlisting protection. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181688](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181688>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-10683](<https://vulners.com/cve/CVE-2020-10683>) \n** DESCRIPTION: **dom4j could allow a remote authenticated attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data. By sending specially crafted XML data, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181356](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181356>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-11022](<https://vulners.com/cve/CVE-2020-11022>) \n** DESCRIPTION: **jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jQuery.htmlPrefilter method. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181349](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181349>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-11023](<https://vulners.com/cve/CVE-2020-11023>) \n** DESCRIPTION: **jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181350](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181350>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-7656](<https://vulners.com/cve/CVE-2020-7656>) \n** DESCRIPTION: **jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the load method. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182264](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182264>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-24616](<https://vulners.com/cve/CVE-2020-24616>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/187229](<https://exchange.xforce.ibmcloud.com/vulnerabilities/187229>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-8203](<https://vulners.com/cve/CVE-2020-8203>) \n** DESCRIPTION: **Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution attack. A remote attacker could exploit this vulnerability using the merge, mergeWith, and defaultsDeep functions to inject properties onto Object.prototype to crash the server and possibly execute arbitrary code on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183560](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183560>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8251](<https://vulners.com/cve/CVE-2020-8251>) \n** DESCRIPTION: **Node.js is vulnerable to a denial of service, caused by delayed unfinished HTTP/1.1 requests submission. An attacker could exploit this vulnerability to make the server unable to accept new connections and exhaust all available resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188592](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188592>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8201](<https://vulners.com/cve/CVE-2020-8201>) \n** DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted HTTP request headers, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188591](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188591>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2020-8252](<https://vulners.com/cve/CVE-2020-8252>) \n** DESCRIPTION: **Node.js is vulnerable to a buffer overflow, caused by improper bounds checking by the libuv's fs.realpath.native. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188593](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188593>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-10699](<https://vulners.com/cve/CVE-2020-10699>) \n** DESCRIPTION: **Open-iSCSI targetcli-fb could allow a local authenticated attacker to gain elevated privileges on the system, caused by an issue when the socket used by targetclid is world-writable. By modifying the iSCSI configuration, an authenticated attacker could exploit this vulnerability to gain elevated privileges as root. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/180968](<https://exchange.xforce.ibmcloud.com/vulnerabilities/180968>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-10757](<https://vulners.com/cve/CVE-2020-10757>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a flaw when mremap a mmaped DAX nvdimm to a mmaped anonymous memory region. By executing a specially-crafted program, a local attacker could exploit this vulnerability to cause corrupted page table resulting in a denial of service condition. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182919](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182919>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-14195](<https://vulners.com/cve/CVE-2020-14195>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in rg.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183495](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183495>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-13867](<https://vulners.com/cve/CVE-2020-13867>) \n** DESCRIPTION: **Open-iSCSI targetcli-fb could allow a remote attacker to bypass security restrictions, caused by weak permissions for /etc/target. By sending a specially crafted request, an attacker could exploit this vulnerability to gain access to the backup directory and backup files. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183242](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183242>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-10766](<https://vulners.com/cve/CVE-2020-10766>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by a logic flaw in the implementation of SSBD. An attacker could exploit this vulnerability to turn off the SSBD protection. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-10768](<https://vulners.com/cve/CVE-2020-10768>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by an issue when Indirect branch speculation can be enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. An attacker could exploit this vulnerability to perform a spectre v2 style attack. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183197](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183197>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-10767](<https://vulners.com/cve/CVE-2020-10767>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by an error in the implementation of Indirect Branch Prediction Barrier is force-disabled when STIBP is unavailable or enhanced IBRS is available. An attacker could exploit this vulnerability to perform a spectre v2 style attack. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183196](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183196>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** Third Party Entry: **177835 \n** DESCRIPTION: **Apache Commons Codec information disclosure \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/177835 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177835>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** Third Party Entry: **184666 \n** DESCRIPTION: **Node.js npm CLI module information disclosure \nCVSS Base score: 4.7 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/184666 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184666>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** Third Party Entry: **180875 \n** DESCRIPTION: **jQuery cross-site scripting \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/180875 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/180875>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\n**Affected Product(s) \n**| **Version(s)** \n---|--- \nIBM Spectrum Protect Plus| 10.1.0-10.1.6 \n \n## Remediation/Fixes\n\n**Spectrum Protect** \n**Plus Release**| **First Fixing** \n**VRM Level**| **Platform**| **Link to Fix** \n---|---|---|--- \n10.1| 10.1.7| Linux| **<https://www.ibm.com/support/pages/node/6330495>** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-20T20:41:06", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in jQuery, Spring, Dom4j, MongoDB, Linux Kernel, Targetcli-fb, Jackson, Node.js, and Apache Commons affect IBM Spectrum Protect Plus", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10683", "CVE-2020-10699", "CVE-2020-10757", "CVE-2020-10766", "CVE-2020-10767", "CVE-2020-10768", "CVE-2020-11022", "CVE-2020-11023", "CVE-2020-13867", "CVE-2020-14060", "CVE-2020-14061", "CVE-2020-14062", "CVE-2020-14195", "CVE-2020-24616", "CVE-2020-24750", "CVE-2020-5408", "CVE-2020-7656", "CVE-2020-7921", "CVE-2020-8201", "CVE-2020-8203", "CVE-2020-8251", "CVE-2020-8252"], "modified": "2020-11-20T20:41:06", "id": "64ADFD088203597B59C398AB3DEF28DC4F72D37A4C48C7FA81C6531EDA6A9877", "href": "https://www.ibm.com/support/pages/node/6367943", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "altlinux": [{"lastseen": "2023-05-07T11:47:12", "description": "Sept. 16, 2020 Vitaly Lipatov 14.11.0-alt1\n \n \n - new version 14.11.0 (with rpmrb script)\n - CVE-2020-8251: Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests (Critical)\n - CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion (High)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-09-16T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 10 package node version 14.11.0-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8201", "CVE-2020-8251"], "modified": "2020-09-16T00:00:00", "id": "141705310F680119414629D61232C397", "href": "https://packages.altlinux.org/en/p10/srpms/node/", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-03-31T19:17:48", "description": "Sept. 16, 2020 Vitaly Lipatov 14.11.0-alt1\n \n \n - new version 14.11.0 (with rpmrb script)\n - CVE-2020-8251: Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests (Critical)\n - CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion (High)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-09-16T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 9 package node version 14.11.0-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8201", "CVE-2020-8251"], "modified": "2020-09-16T00:00:00", "id": "267015788547A7FA92F45445C0660023", "href": "https://packages.altlinux.org/en/p9/srpms/node/", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "amazon": [{"lastseen": "2023-06-06T15:42:18", "description": "**Issue Overview:**\n\nNode.js &lt; 12.18.4 and &lt; 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names. (CVE-2020-8201)\n\nA flaw was found in Node.js 14.x, in versions before 14.11, where it is vulnerable to a denial of service caused by delayed requests. When used as an edge server, this flaw allows an attacker to initiate a large number of HTTP requests, causing resource exhaustion and leaving the service unable to accept new connections. The highest threat from this vulnerability is to system availability. (CVE-2020-8251)\n\n \n**Affected Packages:** \n\n\nlibuv\n\n \n**Issue Correction:** \nRun _yum update libuv_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 libuv-1.39.0-1.amzn2.aarch64 \n \u00a0\u00a0\u00a0 libuv-devel-1.39.0-1.amzn2.aarch64 \n \u00a0\u00a0\u00a0 libuv-static-1.39.0-1.amzn2.aarch64 \n \u00a0\u00a0\u00a0 libuv-debuginfo-1.39.0-1.amzn2.aarch64 \n \n i686: \n \u00a0\u00a0\u00a0 libuv-1.39.0-1.amzn2.i686 \n \u00a0\u00a0\u00a0 libuv-devel-1.39.0-1.amzn2.i686 \n \u00a0\u00a0\u00a0 libuv-static-1.39.0-1.amzn2.i686 \n \u00a0\u00a0\u00a0 libuv-debuginfo-1.39.0-1.amzn2.i686 \n \n src: \n \u00a0\u00a0\u00a0 libuv-1.39.0-1.amzn2.src \n \n x86_64: \n \u00a0\u00a0\u00a0 libuv-1.39.0-1.amzn2.x86_64 \n \u00a0\u00a0\u00a0 libuv-devel-1.39.0-1.amzn2.x86_64 \n \u00a0\u00a0\u00a0 libuv-static-1.39.0-1.amzn2.x86_64 \n \u00a0\u00a0\u00a0 libuv-debuginfo-1.39.0-1.amzn2.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2020-8201](<https://access.redhat.com/security/cve/CVE-2020-8201>), [CVE-2020-8251](<https://access.redhat.com/security/cve/CVE-2020-8251>)\n\nMitre: [CVE-2020-8201](<https://vulners.com/cve/CVE-2020-8201>), [CVE-2020-8251](<https://vulners.com/cve/CVE-2020-8251>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-01-05T23:34:00", "type": "amazon", "title": "Important: libuv", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8201", "CVE-2020-8251"], "modified": "2021-01-06T20:38:00", "id": "ALAS2-2021-1581", "href": "https://alas.aws.amazon.com/AL2/ALAS-2021-1581.html", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "nessus": [{"lastseen": "2023-05-19T15:01:44", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1581 advisory.\n\n - Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names. (CVE-2020-8201)\n\n - Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections. (CVE-2020-8251)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-01-07T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : libuv (ALAS-2021-1581)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8201", "CVE-2020-8251"], "modified": "2021-01-07T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:libuv", "p-cpe:/a:amazon:linux:libuv-debuginfo", "p-cpe:/a:amazon:linux:libuv-devel", "p-cpe:/a:amazon:linux:libuv-static", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2021-1581.NASL", "href": "https://www.tenable.com/plugins/nessus/144797", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2021-1581.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144797);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/07\");\n\n script_cve_id(\"CVE-2020-8201\", \"CVE-2020-8251\");\n script_xref(name:\"ALAS\", value:\"2021-1581\");\n\n script_name(english:\"Amazon Linux 2 : libuv (ALAS-2021-1581)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the ALAS2-2021-1581 advisory.\n\n - Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious\n payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison\n cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the\n underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the\n HTTP header names. (CVE-2020-8201)\n\n - Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests\n submission which can make the server unable to accept new connections. (CVE-2020-8251)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2021-1581.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8201\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8251\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update libuv' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8201\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libuv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libuv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libuv-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libuv-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'libuv-1.39.0-1.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'libuv-1.39.0-1.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'libuv-1.39.0-1.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'libuv-debuginfo-1.39.0-1.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'libuv-debuginfo-1.39.0-1.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'libuv-debuginfo-1.39.0-1.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'libuv-devel-1.39.0-1.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'libuv-devel-1.39.0-1.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'libuv-devel-1.39.0-1.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'libuv-static-1.39.0-1.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'libuv-static-1.39.0-1.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'libuv-static-1.39.0-1.amzn2', 'cpu':'x86_64', 'release':'AL2'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libuv / libuv-debuginfo / libuv-devel / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:34", "description": "This update for nodejs12 fixes the following issues :\n\n - nodejs12 was updated to 12.18.4 LTS :\n\n - CVE-2020-8201: Fixed an HTTP Request Smuggling due to CR-to-Hyphen conversion (bsc#1176605).\n\n - CVE-2020-8252: Fixed a buffer overflow in realpath (bsc#1176589).\n\n - CVE-2020-15095: Fixed an information leak through log files (bsc#1173937).\n\n - Explicitly add -fno-strict-aliasing to CFLAGS to fix compilation on Aarch64 with gcc10 (bsc#1172686)\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.", "cvss3": {}, "published": "2020-10-08T00:00:00", "type": "nessus", "title": "openSUSE Security Update : nodejs12 (openSUSE-2020-1616)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15095", "CVE-2020-8201", "CVE-2020-8252"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:nodejs12", "p-cpe:/a:novell:opensuse:nodejs12-debuginfo", "p-cpe:/a:novell:opensuse:nodejs12-debugsource", "p-cpe:/a:novell:opensuse:nodejs12-devel", "p-cpe:/a:novell:opensuse:npm12", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-1616.NASL", "href": "https://www.tenable.com/plugins/nessus/141276", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1616.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141276);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\"CVE-2020-15095\", \"CVE-2020-8201\", \"CVE-2020-8252\");\n\n script_name(english:\"openSUSE Security Update : nodejs12 (openSUSE-2020-1616)\");\n script_summary(english:\"Check for the openSUSE-2020-1616 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for nodejs12 fixes the following issues :\n\n - nodejs12 was updated to 12.18.4 LTS :\n\n - CVE-2020-8201: Fixed an HTTP Request Smuggling due to\n CR-to-Hyphen conversion (bsc#1176605).\n\n - CVE-2020-8252: Fixed a buffer overflow in realpath\n (bsc#1176589).\n\n - CVE-2020-15095: Fixed an information leak through log\n files (bsc#1173937).\n\n - Explicitly add -fno-strict-aliasing to CFLAGS to fix\n compilation on Aarch64 with gcc10 (bsc#1172686)\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173937\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176605\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected nodejs12 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8201\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs12-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs12-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs12-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:npm12\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"nodejs12-12.18.4-lp152.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"nodejs12-debuginfo-12.18.4-lp152.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"nodejs12-debugsource-12.18.4-lp152.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"nodejs12-devel-12.18.4-lp152.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"npm12-12.18.4-lp152.3.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nodejs12 / nodejs12-debuginfo / nodejs12-debugsource / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:13:38", "description": "This update for nodejs12 fixes the following issues :\n\nnodejs12 was updated to 12.18.4 LTS :\n\n - CVE-2020-8201: Fixed an HTTP Request Smuggling due to CR-to-Hyphen conversion (bsc#1176605).\n\n - CVE-2020-8252: Fixed a buffer overflow in realpath (bsc#1176589).\n\n - CVE-2020-15095: Fixed an information leak through log files (bsc#1173937).\n\nExplicitly add -fno-strict-aliasing to CFLAGS to fix compilation on Aarch64 with gcc10 (bsc#1172686)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2020:2812-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15095", "CVE-2020-8201", "CVE-2020-8252"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:nodejs12", "p-cpe:/a:novell:suse_linux:nodejs12-debuginfo", "p-cpe:/a:novell:suse_linux:nodejs12-debugsource", "p-cpe:/a:novell:suse_linux:nodejs12-devel", "p-cpe:/a:novell:suse_linux:npm12", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-2812-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143665", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2812-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143665);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\"CVE-2020-8201\", \"CVE-2020-8252\", \"CVE-2020-15095\");\n\n script_name(english:\"SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2020:2812-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for nodejs12 fixes the following issues :\n\nnodejs12 was updated to 12.18.4 LTS :\n\n - CVE-2020-8201: Fixed an HTTP Request Smuggling due to\n CR-to-Hyphen conversion (bsc#1176605).\n\n - CVE-2020-8252: Fixed a buffer overflow in realpath\n (bsc#1176589).\n\n - CVE-2020-15095: Fixed an information leak through log\n files (bsc#1173937).\n\nExplicitly add -fno-strict-aliasing to CFLAGS to fix compilation on\nAarch64 with gcc10 (bsc#1172686)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173937\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15095/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-8201/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-8252/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202812-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d4969ce6\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Web Scripting 12 :\n\nzypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2020-2812=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8201\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-8252\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs12-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs12-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs12-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:npm12\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"nodejs12-12.18.4-1.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"nodejs12-debuginfo-12.18.4-1.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"nodejs12-debugsource-12.18.4-1.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"nodejs12-devel-12.18.4-1.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"npm12-12.18.4-1.20.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nodejs12\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-12T15:19:04", "description": "The version of Node.js installed on the remote host is prior to 10.22.1 or 12.18.4 or 14.11.0. It is, therefore, affected by multiple vulnerabilities as referenced in the september-2020-security-releases advisory.\n\n - Affected Node.js versions converted carriage returns in HTTP request headers to a hyphen before parsing.\n This can lead to HTTP Request Smuggling as it is a non-standard interpretation of the header.\n (CVE-2020-8201)\n\n - Node.js is vulnerable to HTTP denial of service (DOS) attacks based on delayed requests submission which can make the server unable to accept new connections. The fix a new http.Server option called requestTimeout with a default value of 0 which means it is disabled by default. This should be set when Node.js is used as an edge server. (CVE-2020-8251)\n\n - libuv's realpath implementation incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes. (CVE-2020-8252)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-09-25T00:00:00", "type": "nessus", "title": "Node.js Multiple Vulnerabilities (September 2020 Security Releases)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8201", "CVE-2020-8251", "CVE-2020-8252"], "modified": "2023-09-11T00:00:00", "cpe": ["cpe:/a:nodejs:node.js"], "id": "NODEJS_2020_SEP.NASL", "href": "https://www.tenable.com/plugins/nessus/140795", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140795);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/11\");\n\n script_cve_id(\"CVE-2020-8201\", \"CVE-2020-8251\", \"CVE-2020-8252\");\n script_xref(name:\"IAVB\", value:\"2020-B-0057-S\");\n\n script_name(english:\"Node.js Multiple Vulnerabilities (September 2020 Security Releases)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"Node.js - JavaScript run-time environment is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Node.js installed on the remote host is prior to 10.22.1 or 12.18.4 or 14.11.0. It is, therefore,\naffected by multiple vulnerabilities as referenced in the september-2020-security-releases advisory.\n\n - Affected Node.js versions converted carriage returns in HTTP request headers to a hyphen before parsing.\n This can lead to HTTP Request Smuggling as it is a non-standard interpretation of the header.\n (CVE-2020-8201)\n\n - Node.js is vulnerable to HTTP denial of service (DOS) attacks based on delayed requests submission which\n can make the server unable to accept new connections. The fix a new http.Server option called requestTimeout\n with a default value of 0 which means it is disabled by default. This should be set when Node.js is used\n as an edge server. (CVE-2020-8251)\n\n - libuv's realpath implementation incorrectly determined the buffer size which can result in a buffer overflow\n if the resolved path is longer than 256 bytes. (CVE-2020-8252)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?64b99430\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Node.js version 10.22.1 / 12.18.4 / 14.11.0 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8201\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-8252\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:nodejs:node.js\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"nodejs_win_installed.nbin\", \"nodejs_installed_nix.nbin\", \"macosx_nodejs_installed.nbin\");\n script_require_keys(\"installed_sw/Node.js\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar win_local = FALSE;\nif (get_kb_item('SMB/Registry/Enumerated')) win_local = TRUE;\n\nvar app_info = vcf::get_app_info(app:'Node.js', win_local:win_local);\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nvar constraints = [\n { 'min_version' : '10.0.0', 'fixed_version' : '10.22.1' },\n { 'min_version' : '12.0.0', 'fixed_version' : '12.18.4' },\n { 'min_version' : '14.0.0', 'fixed_version' : '14.11.0' }\n];\n\nvcf::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:12", "description": "This update for nodejs12 fixes the following issues :\n\nnodejs12 was updated to 12.18.4 LTS :\n\n - CVE-2020-8201: Fixed an HTTP Request Smuggling due to CR-to-Hyphen conversion (bsc#1176605).\n\n - CVE-2020-8252: Fixed a buffer overflow in realpath (bsc#1176589).\n\n - CVE-2020-15095: Fixed an information leak through log files (bsc#1173937).\n\nExplicitly add -fno-strict-aliasing to CFLAGS to fix compilation on Aarch64 with gcc10 (bsc#1172686)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : nodejs12 (SUSE-SU-2020:2813-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15095", "CVE-2020-8201", "CVE-2020-8252"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:nodejs12", "p-cpe:/a:novell:suse_linux:nodejs12-debuginfo", "p-cpe:/a:novell:suse_linux:nodejs12-debugsource", "p-cpe:/a:novell:suse_linux:nodejs12-devel", "p-cpe:/a:novell:suse_linux:npm12", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-2813-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143663", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2813-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143663);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\"CVE-2020-8201\", \"CVE-2020-8252\", \"CVE-2020-15095\");\n\n script_name(english:\"SUSE SLES15 Security Update : nodejs12 (SUSE-SU-2020:2813-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for nodejs12 fixes the following issues :\n\nnodejs12 was updated to 12.18.4 LTS :\n\n - CVE-2020-8201: Fixed an HTTP Request Smuggling due to\n CR-to-Hyphen conversion (bsc#1176605).\n\n - CVE-2020-8252: Fixed a buffer overflow in realpath\n (bsc#1176589).\n\n - CVE-2020-15095: Fixed an information leak through log\n files (bsc#1173937).\n\nExplicitly add -fno-strict-aliasing to CFLAGS to fix compilation on\nAarch64 with gcc10 (bsc#1172686)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173937\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15095/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-8201/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-8252/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202813-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c2db25e7\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Web Scripting 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2020-2813=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8201\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-8252\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs12-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs12-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs12-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:npm12\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"nodejs12-12.18.4-4.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"nodejs12-debuginfo-12.18.4-4.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"nodejs12-debugsource-12.18.4-4.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"nodejs12-devel-12.18.4-4.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"npm12-12.18.4-4.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nodejs12\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:22:54", "description": "Node.js reports :\n\nUpdates are now available for v10,x, v12.x and v14.x Node.js release lines for the following issues. HTTP Request Smuggling due to CR-to-Hyphen conversion (High) (CVE-2020-8201) Affected Node.js versions converted carriage returns in HTTP request headers to a hyphen before parsing. This can lead to HTTP Request Smuggling as it is a non-standard interpretation of the header.\n\nImpacts :\n\n- All versions of the 14.x and 12.x releases line Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests (Critical) (CVE-2020-8251) Node.js is vulnerable to HTTP denial of service (DOS) attacks based on delayed requests submission which can make the server unable to accept new connections. The fix a new http.Server option called requestTimeout with a default value of 0 which means it is disabled by default. This should be set when Node.js is used as an edge server, for more details refer to the documentation.\n\nImpacts :\n\n- All versions of the 14.x release line fs.realpath.native on may cause buffer overflow (Medium) (CVE-2020-8252) libuv's realpath implementation incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.\n\nImpacts :\n\n- All versions of the 10.x release line\n\n- All versions of the 12.x release line\n\n- All versions of the 14.x release line before 14.9.0", "cvss3": {}, "published": "2020-09-17T00:00:00", "type": "nessus", "title": "FreeBSD : Node.js -- September 2020 Security Releases (4ca5894c-f7f1-11ea-8ff8-0022489ad614)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8201", "CVE-2020-8251", "CVE-2020-8252"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:node", "p-cpe:/a:freebsd:freebsd:node10", "p-cpe:/a:freebsd:freebsd:node12", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_4CA5894CF7F111EA8FF80022489AD614.NASL", "href": "https://www.tenable.com/plugins/nessus/140627", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140627);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2020-8201\", \"CVE-2020-8251\", \"CVE-2020-8252\");\n script_xref(name:\"IAVB\", value:\"2020-B-0057-S\");\n\n script_name(english:\"FreeBSD : Node.js -- September 2020 Security Releases (4ca5894c-f7f1-11ea-8ff8-0022489ad614)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Node.js reports :\n\nUpdates are now available for v10,x, v12.x and v14.x Node.js release\nlines for the following issues. HTTP Request Smuggling due to\nCR-to-Hyphen conversion (High) (CVE-2020-8201) Affected Node.js\nversions converted carriage returns in HTTP request headers to a\nhyphen before parsing. This can lead to HTTP Request Smuggling as it\nis a non-standard interpretation of the header.\n\nImpacts :\n\n- All versions of the 14.x and 12.x releases line Denial of Service by\nresource exhaustion CWE-400 due to unfinished HTTP/1.1 requests\n(Critical) (CVE-2020-8251) Node.js is vulnerable to HTTP denial of\nservice (DOS) attacks based on delayed requests submission which can\nmake the server unable to accept new connections. The fix a new\nhttp.Server option called requestTimeout with a default value of 0\nwhich means it is disabled by default. This should be set when Node.js\nis used as an edge server, for more details refer to the\ndocumentation.\n\nImpacts :\n\n- All versions of the 14.x release line fs.realpath.native on may\ncause buffer overflow (Medium) (CVE-2020-8252) libuv's realpath\nimplementation incorrectly determined the buffer size which can result\nin a buffer overflow if the resolved path is longer than 256 bytes.\n\nImpacts :\n\n- All versions of the 10.x release line\n\n- All versions of the 12.x release line\n\n- All versions of the 14.x release line before 14.9.0\");\n # https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?64b99430\");\n # https://vuxml.freebsd.org/freebsd/4ca5894c-f7f1-11ea-8ff8-0022489ad614.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?39cb0a14\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8201\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-8252\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:node\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:node10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:node12\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"node<14.11.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"node12<12.18.4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"node10<10.22.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-07T18:18:03", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5086 advisory.\n\n - npm: sensitive information exposure through logs (CVE-2020-15095)\n\n - nodejs-dot-prop: prototype pollution (CVE-2020-8116)\n\n - nodejs: HTTP request smuggling due to CR-to-Hyphen conversion (CVE-2020-8201)\n\n - libuv: buffer overflow in realpath (CVE-2020-8252)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-23T00:00:00", "type": "nessus", "title": "RHEL 7 : rh-nodejs12-nodejs (RHSA-2020:5086)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15095", "CVE-2020-8116", "CVE-2020-8201", "CVE-2020-8252"], "modified": "2023-09-07T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:rh-nodejs12-nodejs", "p-cpe:/a:redhat:enterprise_linux:rh-nodejs12-nodejs-devel", "p-cpe:/a:redhat:enterprise_linux:rh-nodejs12-nodejs-docs", "p-cpe:/a:redhat:enterprise_linux:rh-nodejs12-npm"], "id": "REDHAT-RHSA-2020-5086.NASL", "href": "https://www.tenable.com/plugins/nessus/170332", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5086. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170332);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/07\");\n\n script_cve_id(\n \"CVE-2020-8116\",\n \"CVE-2020-8201\",\n \"CVE-2020-8252\",\n \"CVE-2020-15095\"\n );\n script_xref(name:\"RHSA\", value:\"2020:5086\");\n\n script_name(english:\"RHEL 7 : rh-nodejs12-nodejs (RHSA-2020:5086)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:5086 advisory.\n\n - npm: sensitive information exposure through logs (CVE-2020-15095)\n\n - nodejs-dot-prop: prototype pollution (CVE-2020-8116)\n\n - nodejs: HTTP request smuggling due to CR-to-Hyphen conversion (CVE-2020-8201)\n\n - libuv: buffer overflow in realpath (CVE-2020-8252)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8116\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8201\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:5086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1856875\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1868196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1879311\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1879315\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8116\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-8252\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(122, 131, 444, 471, 532);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-nodejs12-nodejs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-nodejs12-nodejs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-nodejs12-nodejs-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-nodejs12-npm\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/rhscl/1/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/rhscl/1/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/rhscl/1/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/rhscl/1/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/rhscl/1/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/rhscl/1/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/rhscl/1/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/rhscl/1/os',\n 'content/dist/rhel/power/7/7Server/ppc64/rhscl/1/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'rh-nodejs12-nodejs-12.18.4-3.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-nodejs12-nodejs-12.18.4-3.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-nodejs12-nodejs-12.18.4-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-nodejs12-nodejs-devel-12.18.4-3.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-nodejs12-nodejs-devel-12.18.4-3.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-nodejs12-nodejs-devel-12.18.4-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-nodejs12-nodejs-docs-12.18.4-3.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-nodejs12-npm-6.14.6-12.18.4.3.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-nodejs12-npm-6.14.6-12.18.4.3.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-nodejs12-npm-6.14.6-12.18.4.3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rh-nodejs12-nodejs / rh-nodejs12-nodejs-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:11:13", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4272 advisory.\n\n - Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.\n (CVE-2020-8116)\n\n - Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names. (CVE-2020-8201)\n\n - The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes. (CVE-2020-8252)\n\n - Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like ://[[:]@][:][:][/]. The password value is not redacted and is printed to stdout and also to any generated log files. (CVE-2020-15095)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-10-21T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : nodejs:12 (ELSA-2020-4272)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15095", "CVE-2020-8116", "CVE-2020-8201", "CVE-2020-8252"], "modified": "2022-05-11T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:nodejs", "p-cpe:/a:oracle:linux:nodejs-devel", "p-cpe:/a:oracle:linux:nodejs-docs", "p-cpe:/a:oracle:linux:nodejs-full-i18n", "p-cpe:/a:oracle:linux:nodejs-nodemon", "p-cpe:/a:oracle:linux:nodejs-packaging", "p-cpe:/a:oracle:linux:npm"], "id": "ORACLELINUX_ELSA-2020-4272.NASL", "href": "https://www.tenable.com/plugins/nessus/141637", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-4272.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141637);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2020-8116\",\n \"CVE-2020-8201\",\n \"CVE-2020-8252\",\n \"CVE-2020-15095\"\n );\n\n script_name(english:\"Oracle Linux 8 : nodejs:12 (ELSA-2020-4272)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-4272 advisory.\n\n - Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before\n 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.\n (CVE-2020-8116)\n\n - Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious\n payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison\n cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the\n underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the\n HTTP header names. (CVE-2020-8201)\n\n - The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly\n determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256\n bytes. (CVE-2020-8252)\n\n - Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through\n log files. The CLI supports URLs like\n ://[[:]@][:][:][/]. The password value is not redacted\n and is printed to stdout and also to any generated log files. (CVE-2020-15095)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-4272.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8116\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-8252\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nodejs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nodejs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nodejs-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nodejs-full-i18n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nodejs-nodemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nodejs-packaging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:npm\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/nodejs');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module nodejs:12');\nif ('12' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module nodejs:' + module_ver);\n\nappstreams = {\n 'nodejs:12': [\n {'reference':'nodejs-12.18.4-2.module+el8.2.0+7806+0b44ae23', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-12.18.4-2.module+el8.2.0+7806+0b44ae23', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-devel-12.18.4-2.module+el8.2.0+7806+0b44ae23', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-devel-12.18.4-2.module+el8.2.0+7806+0b44ae23', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-docs-12.18.4-2.module+el8.2.0+7806+0b44ae23', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-full-i18n-12.18.4-2.module+el8.2.0+7806+0b44ae23', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-full-i18n-12.18.4-2.module+el8.2.0+7806+0b44ae23', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-nodemon-1.18.3-1.module+el8.1.0+5393+aaf413e3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nodejs-packaging-17-3.module+el8.1.0+5393+aaf413e3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'npm-6.14.6-1.12.18.4.2.module+el8.2.0+7806+0b44ae23', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'npm-6.14.6-1.12.18.4.2.module+el8.2.0+7806+0b44ae23', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module nodejs:12');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nodejs / nodejs-devel / nodejs-docs / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:24:52", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4903 advisory.\n\n - npm: sensitive information exposure through logs (CVE-2020-15095)\n\n - nodejs-dot-prop: prototype pollution (CVE-2020-8116)\n\n - nodejs: HTTP request smuggling due to CR-to-Hyphen conversion (CVE-2020-8201)\n\n - libuv: buffer overflow in realpath (CVE-2020-8252)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-11-04T00:00:00", "type": "nessus", "title": "RHEL 8 : nodejs:12 (RHSA-2020:4903)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15095", "CVE-2020-8116", "CVE-2020-8201", "CVE-2020-8252"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.1", "cpe:/o:redhat:rhel_eus:8.1", "p-cpe:/a:redhat:enterprise_linux:nodejs", "p-cpe:/a:redhat:enterprise_linux:nodejs-devel", "p-cpe:/a:redhat:enterprise_linux:nodejs-docs", "p-cpe:/a:redhat:enterprise_linux:nodejs-full-i18n", "p-cpe:/a:redhat:enterprise_linux:nodejs-nodemon", "p-cpe:/a:redhat:enterprise_linux:nodejs-packaging", "p-cpe:/a:redhat:enterprise_linux:npm"], "id": "REDHAT-RHSA-2020-4903.NASL", "href": "https://www.tenable.com/plugins/nessus/142450", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4903. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142450);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2020-8116\",\n \"CVE-2020-8201\",\n \"CVE-2020-8252\",\n \"CVE-2020-15095\"\n );\n script_xref(name:\"RHSA\", value:\"2020:4903\");\n script_xref(name:\"IAVB\", value:\"2020-B-0057-S\");\n\n script_name(english:\"RHEL 8 : nodejs:12 (RHSA-2020:4903)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:4903 advisory.\n\n - npm: sensitive information exposure through logs (CVE-2020-15095)\n\n - nodejs-dot-prop: prototype pollution (CVE-2020-8116)\n\n - nodejs: HTTP request smuggling due to CR-to-Hyphen conversion (CVE-2020-8201)\n\n - libuv: buffer overflow in realpath (CVE-2020-8252)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8116\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8201\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1856875\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1868196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1879311\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1879315\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8116\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-8252\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(122, 131, 444, 471, 532);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-full-i18n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-nodemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-packaging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:npm\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.1')) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'nodejs:12': [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.1/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.1/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.1/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.1/ppc64le/sap/os',\n 'content/e4s/rhel8/8.1/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.1/x86_64/appstream/os',\n 'content/e4s/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.1/x86_64/baseos/os',\n 'content/e4s/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap/os',\n 'content/e4s/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/appstream/debug',\n 'content/eus/rhel8/8.1/aarch64/appstream/os',\n 'content/eus/rhel8/8.1/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/baseos/debug',\n 'content/eus/rhel8/8.1/aarch64/baseos/os',\n 'content/eus/rhel8/8.1/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.1/aarch64/highavailability/os',\n 'content/eus/rhel8/8.1/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.1/aarch64/supplementary/os',\n 'content/eus/rhel8/8.1/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.1/ppc64le/appstream/os',\n 'content/eus/rhel8/8.1/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.1/ppc64le/baseos/os',\n 'content/eus/rhel8/8.1/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/sap/debug',\n 'content/eus/rhel8/8.1/ppc64le/sap/os',\n 'content/eus/rhel8/8.1/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/appstream/debug',\n 'content/eus/rhel8/8.1/s390x/appstream/os',\n 'content/eus/rhel8/8.1/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/baseos/debug',\n 'content/eus/rhel8/8.1/s390x/baseos/os',\n 'content/eus/rhel8/8.1/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.1/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.1/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/highavailability/debug',\n 'content/eus/rhel8/8.1/s390x/highavailability/os',\n 'content/eus/rhel8/8.1/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.1/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.1/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/sap/debug',\n 'content/eus/rhel8/8.1/s390x/sap/os',\n 'content/eus/rhel8/8.1/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/supplementary/debug',\n 'content/eus/rhel8/8.1/s390x/supplementary/os',\n 'content/eus/rhel8/8.1/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/appstream/debug',\n 'content/eus/rhel8/8.1/x86_64/appstream/os',\n 'content/eus/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/baseos/debug',\n 'content/eus/rhel8/8.1/x86_64/baseos/os',\n 'content/eus/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.1/x86_64/highavailability/os',\n 'content/eus/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap/debug',\n 'content/eus/rhel8/8.1/x86_64/sap/os',\n 'content/eus/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.1/x86_64/supplementary/os',\n 'content/eus/rhel8/8.1/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'nodejs-12.18.4-2.module+el8.1.0+8360+14141500', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-devel-12.18.4-2.module+el8.1.0+8360+14141500', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-docs-12.18.4-2.module+el8.1.0+8360+14141500', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-full-i18n-12.18.4-2.module+el8.1.0+8360+14141500', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-nodemon-1.18.3-1.module+el8.1.0+3369+37ae6a45', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'npm-6.14.6-1.12.18.4.2.module+el8.1.0+8360+14141500', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/nodejs');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module nodejs:12');\nif ('12' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module nodejs:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module nodejs:12');\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nodejs / nodejs-devel / nodejs-docs / nodejs-full-i18n / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:23:58", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4272 advisory.\n\n - npm: sensitive information exposure through logs (CVE-2020-15095)\n\n - nodejs-dot-prop: prototype pollution (CVE-2020-8116)\n\n - nodejs: HTTP request smuggling due to CR-to-Hyphen conversion (CVE-2020-8201)\n\n - libuv: buffer overflow in realpath (CVE-2020-8252)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-10-19T00:00:00", "type": "nessus", "title": "RHEL 8 : nodejs:12 (RHSA-2020:4272)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15095", "CVE-2020-8116", "CVE-2020-8201", "CVE-2020-8252"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.2", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:nodejs", "p-cpe:/a:redhat:enterprise_linux:nodejs-devel", "p-cpe:/a:redhat:enterprise_linux:nodejs-docs", "p-cpe:/a:redhat:enterprise_linux:nodejs-full-i18n", "p-cpe:/a:redhat:enterprise_linux:nodejs-nodemon", "p-cpe:/a:redhat:enterprise_linux:nodejs-packaging", "p-cpe:/a:redhat:enterprise_linux:npm"], "id": "REDHAT-RHSA-2020-4272.NASL", "href": "https://www.tenable.com/plugins/nessus/141536", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4272. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141536);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2020-8116\",\n \"CVE-2020-8201\",\n \"CVE-2020-8252\",\n \"CVE-2020-15095\"\n );\n script_xref(name:\"RHSA\", value:\"2020:4272\");\n script_xref(name:\"IAVB\", value:\"2020-B-0057-S\");\n\n script_name(english:\"RHEL 8 : nodejs:12 (RHSA-2020:4272)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:4272 advisory.\n\n - npm: sensitive information exposure through logs (CVE-2020-15095)\n\n - nodejs-dot-prop: prototype pollution (CVE-2020-8116)\n\n - nodejs: HTTP request smuggling due to CR-to-Hyphen conversion (CVE-2020-8201)\n\n - libuv: buffer overflow in realpath (CVE-2020-8252)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8116\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8201\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4272\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1856875\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1868196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1879311\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1879315\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8116\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-8252\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(122, 131, 444, 471, 532);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-full-i18n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-nodemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-packaging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:npm\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'nodejs:12': [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/appstream/debug',\n 'content/eus/rhel8/8.2/aarch64/appstream/os',\n 'content/eus/rhel8/8.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/baseos/debug',\n 'content/eus/rhel8/8.2/aarch64/baseos/os',\n 'content/eus/rhel8/8.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.2/aarch64/highavailability/os',\n 'content/eus/rhel8/8.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.2/aarch64/supplementary/os',\n 'content/eus/rhel8/8.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.2/ppc64le/appstream/os',\n 'content/eus/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.2/ppc64le/baseos/os',\n 'content/eus/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap/os',\n 'content/eus/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/appstream/debug',\n 'content/eus/rhel8/8.2/s390x/appstream/os',\n 'content/eus/rhel8/8.2/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/baseos/debug',\n 'content/eus/rhel8/8.2/s390x/baseos/os',\n 'content/eus/rhel8/8.2/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/highavailability/debug',\n 'content/eus/rhel8/8.2/s390x/highavailability/os',\n 'content/eus/rhel8/8.2/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/sap/debug',\n 'content/eus/rhel8/8.2/s390x/sap/os',\n 'content/eus/rhel8/8.2/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/supplementary/debug',\n 'content/eus/rhel8/8.2/s390x/supplementary/os',\n 'content/eus/rhel8/8.2/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'nodejs-12.18.4-2.module+el8.2.0+8361+192e434e', 'sp':'2', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-devel-12.18.4-2.module+el8.2.0+8361+192e434e', 'sp':'2', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-docs-12.18.4-2.module+el8.2.0+8361+192e434e', 'sp':'2', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-full-i18n-12.18.4-2.module+el8.2.0+8361+192e434e', 'sp':'2', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-nodemon-1.18.3-1.module+el8.1.0+3369+37ae6a45', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'npm-6.14.6-1.12.18.4.2.module+el8.2.0+8361+192e434e', 'sp':'2', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/appstream/debug',\n 'content/e4s/rhel8/8.4/aarch64/appstream/os',\n 'content/e4s/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/baseos/debug',\n 'content/e4s/rhel8/8.4/aarch64/baseos/os',\n 'content/e4s/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/appstream/debug',\n 'content/e4s/rhel8/8.4/s390x/appstream/os',\n 'content/e4s/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/baseos/debug',\n 'content/e4s/rhel8/8.4/s390x/baseos/os',\n 'content/e4s/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/nfv/debug',\n 'content/e4s/rhel8/8.4/x86_64/nfv/os',\n 'content/e4s/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'nodejs-12.18.4-2.module+el8.2.0+8361+192e434e', 'sp':'4', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-devel-12.18.4-2.module+el8.2.0+8361+192e434e', 'sp':'4', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-docs-12.18.4-2.module+el8.2.0+8361+192e434e', 'sp':'4', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-full-i18n-12.18.4-2.module+el8.2.0+8361+192e434e', 'sp':'4', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-nodemon-1.18.3-1.module+el8.1.0+3369+37ae6a45', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'npm-6.14.6-1.12.18.4.2.module+el8.2.0+8361+192e434e', 'sp':'4', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'nodejs-12.18.4-2.module+el8.2.0+8361+192e434e', 'sp':'6', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-devel-12.18.4-2.module+el8.2.0+8361+192e434e', 'sp':'6', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-docs-12.18.4-2.module+el8.2.0+8361+192e434e', 'sp':'6', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-full-i18n-12.18.4-2.module+el8.2.0+8361+192e434e', 'sp':'6', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-nodemon-1.18.3-1.module+el8.1.0+3369+37ae6a45', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'npm-6.14.6-1.12.18.4.2.module+el8.2.0+8361+192e434e', 'sp':'6', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'nodejs-12.18.4-2.module+el8.2.0+8361+192e434e', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-devel-12.18.4-2.module+el8.2.0+8361+192e434e', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-docs-12.18.4-2.module+el8.2.0+8361+192e434e', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-full-i18n-12.18.4-2.module+el8.2.0+8361+192e434e', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-nodemon-1.18.3-1.module+el8.1.0+3369+37ae6a45', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'npm-6.14.6-1.12.18.4.2.module+el8.2.0+8361+192e434e', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/nodejs');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module nodejs:12');\nif ('12' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module nodejs:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && !enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module nodejs:12');\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nodejs / nodejs-devel / nodejs-docs / nodejs-full-i18n / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:22:44", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4272 advisory.\n\n - npm: sensitive information exposure through logs (CVE-2020-15095)\n\n - nodejs-dot-prop: prototype pollution (CVE-2020-8116)\n\n - nodejs: HTTP request smuggling due to CR-to-Hyphen conversion (CVE-2020-8201)\n\n - libuv: buffer overflow in realpath (CVE-2020-8252)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-02-01T00:00:00", "type": "nessus", "title": "CentOS 8 : nodejs:12 (CESA-2020:4272)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15095", "CVE-2020-8116", "CVE-2020-8201", "CVE-2020-8252"], "modified": "2023-02-08T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:nodejs", "p-cpe:/a:centos:centos:nodejs-devel", "p-cpe:/a:centos:centos:nodejs-docs", "p-cpe:/a:centos:centos:nodejs-full-i18n", "p-cpe:/a:centos:centos:nodejs-nodemon", "p-cpe:/a:centos:centos:nodejs-packaging", "p-cpe:/a:centos:centos:npm"], "id": "CENTOS8_RHSA-2020-4272.NASL", "href": "https://www.tenable.com/plugins/nessus/145813", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2020:4272. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145813);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/08\");\n\n script_cve_id(\n \"CVE-2020-8116\",\n \"CVE-2020-8201\",\n \"CVE-2020-8252\",\n \"CVE-2020-15095\"\n );\n script_xref(name:\"RHSA\", value:\"2020:4272\");\n\n script_name(english:\"CentOS 8 : nodejs:12 (CESA-2020:4272)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2020:4272 advisory.\n\n - npm: sensitive information exposure through logs (CVE-2020-15095)\n\n - nodejs-dot-prop: prototype pollution (CVE-2020-8116)\n\n - nodejs: HTTP request smuggling due to CR-to-Hyphen conversion (CVE-2020-8201)\n\n - libuv: buffer overflow in realpath (CVE-2020-8252)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4272\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8116\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-8252\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nodejs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nodejs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nodejs-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nodejs-full-i18n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nodejs-nodemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nodejs-packaging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:npm\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/CentOS/release');\nif (isnull(os_release) || 'CentOS' >!< os_release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< os_release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/nodejs');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module nodejs:12');\nif ('12' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module nodejs:' + module_ver);\n\nvar appstreams = {\n 'nodejs:12': [\n {'reference':'nodejs-12.18.4-2.module_el8.2.0+530+cb1b9c8b', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nodejs-12.18.4-2.module_el8.2.0+530+cb1b9c8b', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nodejs-devel-12.18.4-2.module_el8.2.0+530+cb1b9c8b', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nodejs-devel-12.18.4-2.module_el8.2.0+530+cb1b9c8b', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nodejs-docs-12.18.4-2.module_el8.2.0+530+cb1b9c8b', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nodejs-docs-12.18.4-2.module_el8.2.0+530+cb1b9c8b', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nodejs-full-i18n-12.18.4-2.module_el8.2.0+530+cb1b9c8b', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nodejs-full-i18n-12.18.4-2.module_el8.2.0+530+cb1b9c8b', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nodejs-nodemon-1.18.3-1.module_el8.1.0+251+8afea200', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nodejs-nodemon-1.18.3-1.module_el8.1.0+251+8afea200', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nodejs-packaging-17-3.module_el8.1.0+251+8afea200', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nodejs-packaging-17-3.module_el8.1.0+251+8afea200', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'npm-6.14.6-1.12.18.4.2.module_el8.2.0+530+cb1b9c8b', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'npm-6.14.6-1.12.18.4.2.module_el8.2.0+530+cb1b9c8b', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n};\n\nvar flag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module nodejs:12');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nodejs / nodejs-devel / nodejs-docs / nodejs-full-i18n / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:20", "description": "Update to 14.15.1\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-14T00:00:00", "type": "nessus", "title": "Fedora 33 : 1:nodejs (2020-43d5a372fc)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10531", "CVE-2020-11080", "CVE-2020-14354", "CVE-2020-15095", "CVE-2020-8201", "CVE-2020-8251", "CVE-2020-8252"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:nodejs", "cpe:/o:fedoraproject:fedora:33"], "id": "FEDORA_2020-43D5A372FC.NASL", "href": "https://www.tenable.com/plugins/nessus/144124", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-43d5a372fc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144124);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2020-10531\", \"CVE-2020-11080\", \"CVE-2020-14354\", \"CVE-2020-15095\", \"CVE-2020-8201\", \"CVE-2020-8251\", \"CVE-2020-8252\");\n script_xref(name:\"FEDORA\", value:\"2020-43d5a372fc\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"Fedora 33 : 1:nodejs (2020-43d5a372fc)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to 14.15.1\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-43d5a372fc\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected 1:nodejs package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10531\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:nodejs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:33\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/03/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^33([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 33\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC33\", reference:\"nodejs-14.15.1-1.fc33\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:nodejs\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:22:59", "description": "The remote host is affected by the vulnerability described in GLSA-202101-07 (NodeJS: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in NodeJS. Please review the CVE identifiers referenced below for details.\n Impact :\n\n Please review the referenced CVE identifiers for details.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2021-01-12T00:00:00", "type": "nessus", "title": "GLSA-202101-07 : NodeJS: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15095", "CVE-2020-8172", "CVE-2020-8174", "CVE-2020-8201", "CVE-2020-8251", "CVE-2020-8265", "CVE-2020-8277", "CVE-2020-8287"], "modified": "2022-12-08T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:nodejs", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202101-07.NASL", "href": "https://www.tenable.com/plugins/nessus/144864", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202101-07.\n#\n# The advisory text is Copyright (C) 2001-2022 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144864);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/08\");\n\n script_cve_id(\"CVE-2020-15095\", \"CVE-2020-8172\", \"CVE-2020-8174\", \"CVE-2020-8201\", \"CVE-2020-8251\", \"CVE-2020-8265\", \"CVE-2020-8277\", \"CVE-2020-8287\");\n script_xref(name:\"GLSA\", value:\"202101-07\");\n script_xref(name:\"IAVB\", value:\"2021-B-0004-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"GLSA-202101-07 : NodeJS: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202101-07\n(NodeJS: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in NodeJS. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202101-07\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All NodeJS 15 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/nodejs-15.5.1'\n All NodeJS 14 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/nodejs-14.15.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:nodejs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-libs/nodejs\", unaffected:make_list(\"ge 15.5.1\", \"ge 14.15.1\", \"ge 12.20.1\"), vulnerable:make_list(\"lt 15.5.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"NodeJS\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "nodejsblog": [{"lastseen": "2023-03-14T04:11:32", "description": "# September 2020 Security Releases\n\nBy Michael Dawson, 2020-09-15\n\n## _(Update 15-Sept-2020)_ Security releases available\n\nUpdates are now available for v10,x, v12.x and v14.x Node.js release lines for the following issues.\n\n### HTTP Request Smuggling due to CR-to-Hyphen conversion (High) (CVE-2020-8201)\n\nAffected Node.js versions converted carriage returns in HTTP request headers to a hyphen before parsing. This can lead to HTTP Request Smuggling as it is a non-standard interpretation of the header.\n\nImpacts:\n\n * All versions of the 14.x and 12.x releases line\n\nThank you to Amit Klein who works at Safebreach for reporting this vulnerability.\n\n### Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests (Critical) (CVE-2020-8251)\n\nNode.js is vulnerable to HTTP denial of service (DOS) attacks based on delayed requests submission which can make the server unable to accept new connections. The fix a new http.Server option called requestTimeout with a default value of 0 which means it is disabled by default. This should be set when Node.js is used as an edge server, for more details refer to the documentation.\n\nImpacts:\n\n * All versions of the 14.x release line\n\nThank you to Paolo Insogna and Matteo Collina who work at NearFom for reporting and fixing this vulnerability.\n\n### fs.realpath.native may cause buffer overflow (Medium) (CVE-2020-8252)\n\nlibuv's realpath implementation incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.\n\nImpacts:\n\n * All versions of the 10.x release line\n * All versions of the 12.x release line\n * All versions of the 14.x release line before 14.9.0\n\nThank you Xiaoyi Shi who works at Tencent for reporting this vulnerability.\n\n## Downloads and release details\n\n * [Node.js v10.22.1 (LTS)](<https://nodejs.org/en/blog/release/v10.22.1/>)\n * [Node.js v12.18.4 (LTS)](<https://nodejs.org/en/blog/release/v12.18.4/>)\n * [Node.js v14.11.0 (Current)](<https://nodejs.org/en/blog/release/v14.11.0/>)\n\n* * *\n\n## Summary\n\nThe Node.js project will release new versions of all supported release lines on or shortly after Tuesday, September 15, 2020. These releases will fix\n\n * One critical severity issue\n * One high severity issue\n * One medium severity issue\n\n## Impact\n\nThe 14.x release line of Node.js is vulnerable to one critical severity issue, one high severity issue and one medium severity issue.\n\nThe 12.x release line of Node.js is vulnerable to one high severity issue, and one medium severity issue.\n\n10.x release line of Node.js is vulnerable to one medium severity issue.\n\n## Release timing\n\nReleases will be available at, or shortly after, Tuesday, September 15th, 2020.\n\n## Contact and future updates\n\nThe current Node.js security policy can be found at [https://github.com/nodejs/node/blob/HEAD/SECURITY.md#security](<https://github.com/nodejs/node/blob/HEAD/SECURITY#security>). Please follow the process outlined in [https://github.com/nodejs/node/blob/main/SECURITY.md](<https://github.com/nodejs/node/blob/main/SECURITY>) if you wish to report a vulnerability in Node.js.\n\nSubscribe to the low-volume announcement-only nodejs-sec mailing list at <https://groups.google.com/forum/#!forum/nodejs-sec> to stay up to date on security vulnerabilities and security-related releases of Node.js and the projects maintained in the nodejs GitHub organization.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-09-15T00:00:00", "type": "nodejsblog", "title": "September 2020 Security Releases", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8201", "CVE-2020-8251", "CVE-2020-8252"], "modified": "2020-09-15T00:00:00", "id": "NODEJSBLOG:SEPTEMBER-2020-SECURITY-RELEASES", "href": "https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "freebsd": [{"lastseen": "2023-06-06T15:28:27", "description": "\n\nNode.js reports:\n\nUpdates are now available for v10,x, v12.x and v14.x Node.js release lines for the following issues.\nHTTP Request Smuggling due to CR-to-Hyphen conversion (High) (CVE-2020-8201)\nAffected Node.js versions converted carriage returns in HTTP request headers to a hyphen before parsing. This can lead to HTTP Request Smuggling as it is a non-standard interpretation of the header.\nImpacts:\n\nAll versions of the 14.x and 12.x releases line\n\nDenial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests (Critical) (CVE-2020-8251)\nNode.js is vulnerable to HTTP denial of service (DOS) attacks based on delayed requests submission which can make the server unable to accept new connections. The fix a new http.Server option called requestTimeout with a default value of 0 which means it is disabled by default. This should be set when Node.js is used as an edge server, for more details refer to the documentation.\nImpacts:\n\nAll versions of the 14.x release line\n\nfs.realpath.native on may cause buffer overflow (Medium) (CVE-2020-8252)\nlibuv's realpath implementation incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.\nImpacts:\n\nAll versions of the 10.x release line\nAll versions of the 12.x release line\nAll versions of the 14.x release line before 14.9.0\n\n\n\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-09-08T00:00:00", "type": "freebsd", "title": "Node.js -- September 2020 Security Releases", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8201", "CVE-2020-8251", "CVE-2020-8252"], "modified": "2020-09-08T00:00:00", "id": "4CA5894C-F7F1-11EA-8FF8-0022489AD614", "href": "https://vuxml.freebsd.org/freebsd/4ca5894c-f7f1-11ea-8ff8-0022489ad614.html", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "suse": [{"lastseen": "2022-04-18T12:40:59", "description": "An update that solves three vulnerabilities and has one\n errata is now available.\n\nDescription:\n\n This update for nodejs12 fixes the following issues:\n\n - nodejs12 was updated to 12.18.4 LTS:\n - CVE-2020-8201: Fixed an HTTP Request Smuggling due to CR-to-Hyphen\n conversion (bsc#1176605).\n - CVE-2020-8252: Fixed a buffer overflow in realpath (bsc#1176589).\n - CVE-2020-15095: Fixed an information leak through log files\n (bsc#1173937).\n - Explicitly add -fno-strict-aliasing to CFLAGS to fix compilation\n on Aarch64 with gcc10 (bsc#1172686)\n\n This update was imported from the SUSE:SLE-15-SP2:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2020-1616=1", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-10-05T00:00:00", "type": "suse", "title": "Security update for nodejs12 (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15095", "CVE-2020-8201", "CVE-2020-8252"], "modified": "2020-10-05T00:00:00", "id": "OPENSUSE-SU-2020:1616-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5CMPMUA4PV5TIZ4ZIY7PTL3KUZIS2IAM/", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "redhat": [{"lastseen": "2023-08-04T12:27:59", "description": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (12.18.4).\n\nSecurity Fix(es):\n\n* nodejs-dot-prop: prototype pollution (CVE-2020-8116)\n\n* nodejs: HTTP request smuggling due to CR-to-Hyphen conversion (CVE-2020-8201)\n\n* npm: Sensitive information exposure through logs (CVE-2020-15095)\n\n* libuv: buffer overflow in realpath (CVE-2020-8252)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* The nodejs:12/development module is not installable (BZ#1883966)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-10-19T07:13:10", "type": "redhat", "title": "(RHSA-2020:4272) Moderate: nodejs:12 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15095", "CVE-2020-8116", "CVE-2020-8201", "CVE-2020-8252"], "modified": "2020-10-19T14:19:40", "id": "RHSA-2020:4272", "href": "https://access.redhat.com/errata/RHSA-2020:4272", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-04T12:27:58", "description": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (12.18.4).\n\nSecurity Fix(es):\n\n* nodejs-dot-prop: prototype pollution (CVE-2020-8116)\n\n* nodejs: HTTP request smuggling due to CR-to-Hyphen conversion (CVE-2020-8201)\n\n* npm: Sensitive information exposure through logs (CVE-2020-15095)\n\n* libuv: buffer overflow in realpath (CVE-2020-8252)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* The nodejs:12/development module is not installable (BZ#1883965)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-04T09:29:19", "type": "redhat", "title": "(RHSA-2020:4903) Moderate: nodejs:12 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15095", "CVE-2020-8116", "CVE-2020-8201", "CVE-2020-8252"], "modified": "2020-11-04T10:15:25", "id": "RHSA-2020:4903", "href": "https://access.redhat.com/errata/RHSA-2020:4903", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-04T12:27:58", "description": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: rh-nodejs12-nodejs (12.18.4). (BZ#1878550, BZ#1888291, BZ#1888298)\n\nSecurity Fix(es):\n\n* nodejs-dot-prop: prototype pollution (CVE-2020-8116)\n\n* nodejs: HTTP request smuggling due to CR-to-Hyphen conversion (CVE-2020-8201)\n\n* npm: Sensitive information exposure through logs (CVE-2020-15095)\n\n* libuv: buffer overflow in realpath (CVE-2020-8252)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T13:06:16", "type": "redhat", "title": "(RHSA-2020:5086) Moderate: rh-nodejs12-nodejs security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15095", "CVE-2020-8116", "CVE-2020-8201", "CVE-2020-8252"], "modified": "2020-11-12T09:32:56", "id": "RHSA-2020:5086", "href": "https://access.redhat.com/errata/RHSA-2020:5086", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "almalinux": [{"lastseen": "2023-08-02T11:17:03", "description": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (12.18.4).\n\nSecurity Fix(es):\n\n* nodejs-dot-prop: prototype pollution (CVE-2020-8116)\n\n* nodejs: HTTP request smuggling due to CR-to-Hyphen conversion (CVE-2020-8201)\n\n* npm: Sensitive information exposure through logs (CVE-2020-15095)\n\n* libuv: buffer overflow in realpath (CVE-2020-8252)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* The nodejs:12/development module is not installable (BZ#1883966)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-10-19T07:13:10", "type": "almalinux", "title": "Moderate: nodejs:12 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15095", "CVE-2020-8116", "CVE-2020-8201", "CVE-2020-8252"], "modified": "2020-10-19T07:13:10", "id": "ALSA-2020:4272", "href": "https://errata.almalinux.org/8/ALSA-2020-4272.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2021-07-30T06:24:39", "description": "nodejs\n[1:12.18.4-2]\n- Resolves: RHBZ#1883966 - nodejs-devel not installable due to missing brotli\n- Some spec fixes\n[12.18.4-1]\n- Rebase to 12.18.4\nnodejs-nodemon\nnodejs-packaging", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-10-20T00:00:00", "type": "oraclelinux", "title": "nodejs:12 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15095", "CVE-2020-8116", "CVE-2020-8201", "CVE-2020-8252"], "modified": "2020-10-20T00:00:00", "id": "ELSA-2020-4272", "href": "http://linux.oracle.com/errata/ELSA-2020-4272.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "rocky": [{"lastseen": "2023-07-24T17:30:17", "description": "An update is available for nodejs-nodemon, nodejs-packaging.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list\nNode.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (12.18.4).\n\nSecurity Fix(es):\n\n* nodejs-dot-prop: prototype pollution (CVE-2020-8116)\n\n* nodejs: HTTP request smuggling due to CR-to-Hyphen conversion (CVE-2020-8201)\n\n* npm: Sensitive information exposure through logs (CVE-2020-15095)\n\n* libuv: buffer overflow in realpath (CVE-2020-8252)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* The nodejs:12/development module is not installable (BZ#1883966)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-10-19T07:13:10", "type": "rocky", "title": "nodejs:12 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15095", "CVE-2020-8116", "CVE-2020-8201", "CVE-2020-8252"], "modified": "2020-10-19T07:13:10", "id": "RLSA-2020:4272", "href": "https://errata.rockylinux.org/RLSA-2020:4272", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "threatpost": [{"lastseen": "2021-02-23T19:40:48", "description": "IBM has patched a critical buffer-overflow error that affects Big Blue\u2019s Integration Designer toolset, which helps enterprises create business processes that integrate applications and data. If exploited, the flaw could enable remote code execution.\n\n[](<https://threatpost.com/webinars/15-cybersecurity-gaffes-and-fixes-mid-size-businesses-face/?utm_source=ART&utm_medium=ART&utm_campaign=Feb_webinar>)\n\nClick to Register\n\nThe flaw (CVE-2020-27221) has a CVSS base score of 9.8 out of 10, making it critical in severity. It stems from an issue in versions 7 and 8 of Java Runtime Environment (JRE), which is used by IBM Integration Designer toolset.\n\nJRE is a software layer that runs on top of a computer\u2019s operating system (OS), and enables Java to run seamlessly on any system regardless of its OS.\n\n## **What is a Buffer-Overflow Flaw?**\n\nThe flaw is a stack-based buffer-overflow error. This is a class of vulnerability where the region of a process\u2019 memory that\u2019s used to store dynamic variables (the heap) can be overwhelmed.\n\n\u201cBy sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash,\u201d according to IBM\u2019s Monday [security advisory](<https://www.ibm.com/blogs/psirt/security-bulletin-multiple-cves-vulnerabilities-in-ibm-java-runtime-affect-ibm-integration-designer-used-in-ibm-business-automation-workflow-and-ibm-business-process-manager-2/>).\n\nThe error exists when the virtual machine (VM) or Java Native Interface converts characters from UTF-8 to platform encoding. Java Native Interface is a programming framework that enables Java code running in a Java VM to call native applications and libraries written in other languages.\n\nIBM didn\u2019t provide further information about what type of privileges an attacker would need, where they would need to send the string or the initial attack vector.\n\n## **IBM Integration Designer Affected**\n\nSpecifically, CVE-2020-27221 exists in Eclipse OpenJ9, a high-performance, scalable, Java VM implementation that is fully compliant with JRE.\n\n\u201cContributed to the Eclipse foundation by IBM, the OpenJ9 JVM underpins the IBM SDK, Java Technology Edition, which is a core component of many IBM Enterprise software products,\u201d [according to IBM](<https://developer.ibm.com/open/projects/eclipse-openj9/>).\n\nIBM Integration Designer versions 8.5.7, 19.0.0.2, 20.0.0.1 and 20.0.0.2, which use JRE versions 7 and 8, are affected. The vulnerability was first reported on Dec. 16 via the [Eclipse Foundation](<https://bugs.eclipse.org/bugs/show_bug.cgi?id=569763>), which is a global community of Eclipse open source software development members. A fix can be found here for [each affected version](<https://www.ibm.com/support/pages/node/6416559>) of IBM Integration Designer.\n\nAnother vulnerability (CVE-2020-14782) was fixed, stemming from the JRE implementation in IBM Integration Designer. This \u201cunspecified\u201d vulnerability existed in Java SE and was related to the Libraries component. However, [according to IBM](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14782>) it had \u201cno confidentiality impact, low integrity impact and no availability impact.\u201d\n\n## **IBM Planning Analytics Workspace High-Severity Flaws**\n\nIBM also patched a slew of high-severity flaws in its IBM Planning Analytics Workspace; a web-based interface for IBM Planning Analytics that provides an interface to create and analyze content. The flaws exist specifically in Release 61 of the Local v2.0 for Planning Analytics Workspace.\n\nThree vulnerabilities exist in Node.js, an open-source, cross-platform JavaScript runtime environment for developing server-side and networking applications, which is used in IBM Planning Analytics. These flaws include a denial-of-service vulnerability ([CVE-2020-8251](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8251>)); an HTTP request-smuggling glitch ([CVE-2020-8201](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8201>)); and a buffer-overflow error ([CVE-2020-8252](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8252>)).\n\nAnother flaw ([CVE-2020-25649](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25649>)) exists in the FasterXML Jackson Databind, used to convert JSON to and from Plain Old Java Object (POJO) using property accessor or using annotations.\n\nThe flaw \u201ccould provide weaker than expected security, caused by not having entity expansion secured properly,\u201d according to IBM. \u201cA remote attacker could exploit this vulnerability to launch XML external entity (XXE) attacks to have impact over data integrity.\u201d\n\n## **IBM Continues Security-Flaw Fix Campaign**\n\nIBM previously issued various fixes for vulnerabilities, including [ones in Spectrum Protect Plus in September](<https://threatpost.com/ibm-flaws-spectrum-protect-plus/159268/>). This is Big Blue\u2019s security tool that\u2019s found under the umbrella of its Spectrum data storage software branding. The flaws could be exploited by remote attackers to execute code on vulnerable systems.\n\nIn August, a shared-memory flaw was discovered in [IBM\u2019s next-gen data-management software](<https://threatpost.com/ibm-ai-powered-data-management-software-subject-exploit/158497/>) that researchers said could lead to other threats \u2014 as demonstrated by a new proof-of-concept exploit for the bug.\n\nAnd in April, four serious security vulnerabilities in [the IBM Data Risk Manager](<https://threatpost.com/rce-exploit-ibm-data-risk-manager-no-patch/154986/>) (IDRM) were identified that can lead to unauthenticated remote code execution (RCE) as root in vulnerable versions, according to analysis \u2013 and a proof-of-concept exploit is available.\n\n**Threatpost WEBINAR:** _Is your small- to medium-sized business an easy mark for attackers? Save your spot for __\u201c_**15 Cybersecurity Gaffes SMBs Make**_,\u201d a _[**_FREE Threatpost webinar_**](<https://threatpost.com/webinars/15-cybersecurity-gaffes-and-fixes-mid-size-businesses-face/?utm_source=ART&utm_medium=ART&utm_campaign=Feb_webinar>)** _on Feb. 24 at 2 p.m. ET._**_ Cybercriminals count on you making these mistakes, but our experts will help you lock down your small- to mid-sized business like it was a Fortune 100. _[_Register NOW_](<https://threatpost.com/webinars/15-cybersecurity-gaffes-and-fixes-mid-size-businesses-face/?utm_source=ART&utm_medium=ART&utm_campaign=Feb_webinar>)_ for this _**_LIVE_****_ _**_webinar on Wed., Feb. 24._\n", "cvss3": {}, "published": "2021-02-23T19:36:32", "type": "threatpost", "title": "IBM Squashes Critical Remote Code-Execution Flaw", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-14782", "CVE-2020-25649", "CVE-2020-27221", "CVE-2020-8201", "CVE-2020-8251", "CVE-2020-8252"], "modified": "2021-02-23T19:36:32", "id": "THREATPOST:136544A8850662645EB54E79AAB40F75", "href": "https://threatpost.com/ibm-critical-remote-code-execution-flaw/164187/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ics": [{"lastseen": "2023-09-09T20:59:47", "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 7.5**\n * **ATTENTION:** Exploitable remotely/low attack complexity\n * **Vendor:** Hitachi Energy\n * **Equipment:** Gateway Station (GWS) Product\n * **Vulnerability:** Inconsistent Interpretation of HTTP Requests, Use After Free, Classic Buffer Overflow, Integer Underflow, Improper Certificate Validation, Observable Discrepancy\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of this vulnerability could allow unauthorized users to eavesdrop on the traffic between network source and destination, gain unauthorized access to information, or cause a denial-of service condition.\n\n## 3\\. TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nHitachi Energy reported multiple open-source software related vulnerabilities in the following GWS Product versions: \n\n * GWS 2.0.0.0 and earlier\n * GWS 2.1.0.0\n * GWS 2.2.0.0\n * GWS 2.3.0.0\n * GWS 2.4.0.0\n * GWS 3.0.0.0\n * GWS 3.1.0.0.\n\n### 3.2 VULNERABILITY OVERVIEW\n\n#### 3.2.1 [RELIANCE ON UNCONTROLLED COMPONENT CWE-1357](<https://cwe.mitre.org/data/definitions/1357.html>)\n\nHitachi Energy is aware of publicly disclosed reports of multiple vulnerabilities in open-source software components (OpenSSL and Node.JS) used in the Gateway Station (GWS) product. Versions are available to remediate the identified vulnerabilities.\n\n[CVE-2020-1968](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1968>), [CVE-2020-8172](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8172>), [CVE-2020-8174](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8174>), [CVE-2020-8201](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8201>), [CVE-2020-8252](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8252>), [CVE-2020-8265](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8265>), and [CVE-2020-8287](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8287>) have been assigned to these vulnerabilities in open source components used by GWS. A CVSS v3 base score of 8.1 has been calculated for the worst case; the CVSS vector string is ([AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H>)). \n\n\n### 3.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS:** Energy\n * **COUNTRIES/AREAS DEPLOYED:** Worldwide\n * **COMPANY HEADQUARTERS LOCATION:** Switzerland\n\n### 3.4 RESEARCHER\n\nHitachi Energy reported to CISA that GWS was affected by these previously discovered vulnerabilities in open-source software components.\n\n## 4\\. MITIGATIONS\n\nHitachi Energy made the following updates available to remediate these vulnerabilities:\n\n * GWS 2.0.0.0 and earlier, GWS 2.1.0.0, GWS 2.2.0.0, GWS 2.3.0.0, GWS 2.4.0.0,GWS 3.0.0.0, GWS 3.1.0.0: Apply the mitigation factors as described in this advisory and in the mitigation section of Hitachi Energy advisory [8DBD000101](<https://search.abb.com/library/Download.aspx?DocumentID=8DBD000101>).\n * A remediated version of GWS 3.2.0.0 is planned. For updates or upgrades, [contact Hitachi Energy](<https://www.hitachienergy.com/contact-us/>).\n\nHitachi Energy recommends the following security practices and firewall configurations to help protect process control networks from outside attacks:\n\n * Physically protect process control systems from unauthorized direct access.\n * Separate process control systems from other networks using a firewall system with only the necessary ports open.\n * Process control systems should not be used for internet surfing, instant messaging, or receiving emails.\n * Portable computers and removable storage media should be carefully scanned for viruses before connecting to a control system.\n\nFor more information, see Hitachi security advisory [8DBD000101](<https://search.abb.com/library/Download.aspx?DocumentID=8DBD000101>)\n\nCISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities.\n\nCISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nCISA also provides a section for [control systems security recommended practices](<https://www.cisa.gov/uscert/ics/recommended-practices>) on the [ICS webpage on cisa.gov/ics](<https://cisa.gov/ics>) Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).\n\nAdditional mitigation guidance and recommended practices are publicly available on the [ICS webpage on cisa.gov/ics](<https://cisa.gov/ics>) in the Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B>).\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.\n\nNo known public exploits specifically target these vulnerabilities. These vulnerabilities are exploitable remotely. These vulnerabilities have a low attack complexity.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-30T12:00:00", "type": "ics", "title": "Hitachi Energy Gateway Station (GWS) Product", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1968", "CVE-2020-8172", "CVE-2020-8174", "CVE-2020-8201", "CVE-2020-8252", "CVE-2020-8265", "CVE-2020-8287"], "modified": "2022-08-30T12:00:00", "id": "ICSA-22-242-02", "href": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-242-02", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-09T20:59:45", "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 7.5**\n * **ATTENTION:** Exploitable remotely/low attack complexity\n * **Vendor:** Hitachi Energy\n * **Equipment:** FACTS Control Platform (FCP) Product\n * **Vulnerability:** Inconsistent Interpretation of HTTP Requests, Use After Free, Classic Buffer Overflow, Integer Underflow, Improper Certificate Validation, Observable Discrepancy.\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of these vulnerabilities may allow an attacker to eavesdrop on the traffic between network source and destination, gain unauthorized access to information or cause a denial-of service.\n\n## 3\\. TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nHitachi Energy reports multiple open-source software related vulnerabilities in the following FACTS Control Platform (FCP) product versions: \n\n * FCP 1.1.0 - 1.3.0 \n * FCP 2.1.0 - 2.3.0 \n * FCP 3.0.0 - 3.12.0\n\n### 3.2 VULNERABILITY OVERVIEW\n\n#### 3.2.1 [RELIANCE ON UNCONTROLLED COMPONENT CWE-1357](<https://cwe.mitre.org/data/definitions/1357.html>)\n\nHitachi Energy is aware of public reports of multiple vulnerabilities in open-source software components (OpenSSL and Node.JS) used in the FACTS Control Platform (FCP) product. Versions are available to remediate the identified vulnerabilities.\n\n[CVE-2020-1968](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1968>), [CVE-2020-8172](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8172>), [CVE-2020-8174](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8174>), [CVE-2020-8201](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8201>), [CVE-2020-8252](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8252>), [CVE-2020-8265](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8265>), and [CVE-2020-8287](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8287>) have been assigned to these vulnerabilities in open-source components used by FCP. A CVSS v3 base score of 8.1 has been calculated for the worst case; the CVSS vector string is ([AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n### 3.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS: **Energy\n * **COUNTRIES/AREAS DEPLOYED:** Worldwide\n * **COMPANY HEADQUARTERS LOCATION:** Switzerland\n\n### 3.4 RESEARCHER\n\nHitachi Energy reported to CISA that FACTS Control Platform was affected by these previously discovered vulnerabilities in open-source software components.\n\n## 4\\. MITIGATIONS\n\nHitachi Energy has made the following updates available to remediate these vulnerabilities:\n\n * For FCP 1.1.0 - 1.3.0, FCP 2.1.0 - 2.3.0, FCP 3.0.0 - 3.12.0: Users should apply mitigations listed in this advisory and in the mitigation section of Hitachi Energy advisory [8DBD000104](<https://search.abb.com/library/Download.aspx?DocumentID=8DBD000104>).\n * A remediated version FCP 3.14.0 and 4.0.0 is planned. For update or upgrades, users should contact [Hitachi Energy](<https://www.hitachienergy.com/contact-us/>).\n\nHitachi Energy recommends the following security practices and firewall configurations to help protect a process control network from attacks that originate from outside the network: \n\n * Physically protect process control systems from unauthorized direct access.\n * Separate process control systems from other networks using firewall system that has a minimal number of ports open.\n * Process control systems should not be used for internet surfing, instant messaging, or receiving emails.\n * Portable computers and removable storage media should be carefully scanned for viruses connecting to a control system\n\nFor more information, see Hitachi Energy advisory [8DBD000104](<https://search.abb.com/library/Download.aspx?DocumentID=8DBD000104>).\n\nCISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities.\n\nCISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nCISA also provides a section for [control systems security recommended practices](<https://www.cisa.gov/uscert/ics/recommended-practices>) on the [ICS webpage on cisa.gov/ics](<https://cisa.gov/ics>) Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).\n\nAdditional mitigation guidance and recommended practices are publicly available on the [ICS webpage on cisa.gov/ics](<https://cisa.gov/ics>) in the Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B>).\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.\n\nNo known public exploits specifically target these vulnerabilities. These vulnerabilities are exploitable remotely. These vulnerabilities have a low attack complexity.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-30T12:00:00", "type": "ics", "title": "Hitachi Energy FACTS Control Platform (FCP) Product", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1968", "CVE-2020-8172", "CVE-2020-8174", "CVE-2020-8201", "CVE-2020-8252", "CVE-2020-8265", "CVE-2020-8287"], "modified": "2022-08-30T12:00:00", "id": "ICSA-22-242-01", "href": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-242-01", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-09T21:26:19", "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 8.8**\n * **ATTENTION: **Exploitable remotely/low attack complexity\n * **Vendor: **Hitachi Energy\n * **Equipment:** MicroSCADA Pro/X SYS600\n * **Vulnerabilities:** Observable Discrepancy, HTTP Request Smuggling, Classic Buffer Overflow, Improper Certificate Validation, Improper Restriction of Operations within the Bounds of a Memory Buffer, Exposure of Sensitive Information to an Unauthorized Actor\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of these vulnerabilities could allow an attacker to eavesdrop on traffic between network source and destination, gain unauthorized access to information, or cause a denial-of-service condition.\n\n## 3\\. TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nThe following versions of MicroSCADA Pro/X SYS600, a SCADA product, are affected:\n\n * SYS600: Versions 10.1.1 and prior (OpenSSL Vulnerability)\n * SYS600: Versions 9.4 FP1 through 10.2.1 (Node.js vulnerabilities)\n * SYS600: Versions 10.0.0 through 10.2.1 (PostgreSQL vulnerabilities)\n\n### 3.2 VULNERABILITY OVERVIEW\n\n#### 3.2.1 [OBSERVABLE DISCREPANCY CWE-203](<https://cwe.mitre.org/data/definitions/203.html>)\n\nThe Raccoon attack exploits a flaw in the TLS specification that can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. This would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note this vulnerability only impacts DH ciphersuites and not ECDH ciphersuites. This vulnerability affects OpenSSL 1.0.2, which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v).\n\n[CVE-2020-1968](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1968>) has been assigned to this vulnerability. A CVSS v3 base score of 3.7 has been calculated; the CVSS vector string is ([AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N>)).\n\n#### 3.2.2 [INCONSISTENT INTERPRETATION OF HTTP REQUESTS ('HTTP REQUEST SMUGGLING') CWE-444](<https://cwe.mitre.org/data/definitions/444.html>)\n\nNode.js versions prior to 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two transfer-encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP request smuggling.\n\n[CVE-2020-8265](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8265>) has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is ([AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n#### 3.2.3 [INCONSISTENT INTERPRETATION OF HTTP REQUESTS ('HTTP REQUEST SMUGGLING') CWE-444](<https://cwe.mitre.org/data/definitions/444.html>)\n\nNode.js versions prior to 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two transfer-encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP request smuggling.\n\n[CVE-2020-8287](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8287>) has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n#### 3.2.4 [INCONSISTENT INTERPRETATION OF HTTP REQUESTS ('HTTP REQUEST SMUGGLING') CWE-444](<https://cwe.mitre.org/data/definitions/444.html>)\n\nNode.js &lt; 12.18.4 and &lt; 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack is possible due to a bug in processing of carrier-return symbols in the HTTP header names.\n\n[CVE-2020-8201](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8201>) has been assigned to this vulnerability. A CVSS v3 base score of 7.4 has been calculated; the CVSS vector string is ([AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n#### 3.2.5 [BUFFER COPY WITHOUT CHECKING SIZE OF INPUT ('CLASSIC BUFFER OVERFLOW') CWE-120](<https://cwe.mitre.org/data/definitions/120.html>)\n\nThe implementation of realpath in libuv &lt; 10.22.1, &lt; 12.18.4, and &lt; 14.9.0 used within Node.js incorrectly determined the buffer size, which can result in a buffer overflow if the resolved path is longer than 256 bytes.\n\n[CVE-2020-8252](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8252>) has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is ([AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H>)).\n\n#### 3.2.6 [IMPROPER CERTIFICATE VALIDATION CWE-295](<https://cwe.mitre.org/data/definitions/295.html>)\n\nTLS session reuse can lead to host certificate verification bypass in node version &lt; 12.18.0 and &lt; 14.4.0.\n\n[CVE-2020-8172](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8172>) has been assigned to this vulnerability. A CVSS v3 base score of 7.4 has been calculated; the CVSS vector string is ([AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n#### 3.2.7 [IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119](<https://cwe.mitre.org/data/definitions/119.html>)\n\nnapi_get_value_string_*() allows various kinds of memory corruption in node &lt; 10.21.0, 12.18.0, and &lt; 14.4.0.\n\n[CVE-2020-8174](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8174>) has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is ([AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n#### 3.2.8 [IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119](<https://cwe.mitre.org/data/definitions/119.html>)\n\nA vulnerability was found in postgresql in versions prior to 13.3, 12.7, 11.12, 10.17, and 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n\n[CVE-2021-32027](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32027>) has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H>)).\n\n#### 3.2.9 [EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200](<https://cwe.mitre.org/data/definitions/200.html>)\n\nA flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.\n\n[CVE-2021-32028](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32028>) has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N>)).\n\n### 3.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS:** Energy \n * **COUNTRIES/AREAS DEPLOYED:** Worldwide\n * **COMPANY HEADQUARTERS LOCATION: **Switzerland\n\n### 3.4 RESEARCHER\n\nHitachi Energy reported these vulnerabilities to CISA.\n\n## 4\\. MITIGATIONS\n\nHitachi Energy recommends users update to Versions 10.3 or later. For obtaining the update users should contact the Hitachi Energy technical support team. If users don't know who to contact, they should reach the closest Hitachi Energy sales office.\n\nHitachi Energy also recommends the following general mitigation factors/workarounds:\n\nHitachi Energy recommends security practices and firewall configurations to help protect process control networks from attacks that originate from outside the network. Such practices include physically protecting process control systems from direct access by unauthorized personnel, having no direct connections to the Internet, separating from other networks by means of a firewall system that has a minimal number of ports exposed, and others that must be evaluated case by case. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.\n\nFor more information see Hitachi Energy advisory [8DBD000075](<https://search.abb.com/library/Download.aspx?DocumentID=8DBD000075&LanguageCode=en&DocumentPartId=&Action=Launch>)\n\nCISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure they are [not accessible from the Internet](<https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01>).\n * Locate control system networks and remote devices behind firewalls and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.\n\nCISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nCISA also provides a section for [control systems security recommended practices](<https://www.cisa.gov/uscert/ics/recommended-practices>) on the ICS webpage on [cisa.gov](<https://www.cisa.gov/uscert/ics>). Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).\n\nAdditional mitigation guidance and recommended practices are publicly available on the [ICS webpage on cisa.gov](<https://www.cisa.gov/uscert/ics>) in the Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B>).\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.\n\nNo known public exploits specifically target these vulnerabilities.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-21T12:00:00", "type": "ics", "title": "Hitachi Energy MicroSCADA Pro/X SYS600", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1968", "CVE-2020-8172", "CVE-2020-8174", "CVE-2020-8201", "CVE-2020-8252", "CVE-2020-8265", "CVE-2020-8287", "CVE-2021-32027", "CVE-2021-32028"], "modified": "2022-04-21T12:00:00", "id": "ICSA-22-111-03", "href": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-111-03", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2023-09-24T02:06:38", "description": "Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-13T02:10:30", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: nodejs-14.15.1-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10531", "CVE-2020-11080", "CVE-2020-14354", "CVE-2020-15095", "CVE-2020-8201", "CVE-2020-8251", "CVE-2020-8252"], "modified": "2020-12-13T02:10:30", "id": "FEDORA:57FF33092F97", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2023-06-06T15:24:47", "description": "### Background\n\nNode.js is a JavaScript runtime built on Chrome\u2019s V8 JavaScript engine. \n\n### Description\n\nMultiple vulnerabilities have been discovered in NodeJS. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll NodeJS 15 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/nodejs-15.5.1\"\n \n\nAll NodeJS 14 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/nodejs-14.15.1\"", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-11T00:00:00", "type": "gentoo", "title": "NodeJS: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15095", "CVE-2020-8172", "CVE-2020-8174", "CVE-2020-8201", "CVE-2020-8251", "CVE-2020-8265", "CVE-2020-8277", "CVE-2020-8287"], "modified": "2021-01-11T00:00:00", "id": "GLSA-202101-07", "href": "https://security.gentoo.org/glsa/202101-07", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}