Lucene search

K
gentooGentoo FoundationGLSA-202003-48
HistoryMar 20, 2020 - 12:00 a.m.

Node.js: Multiple vulnerabilities

2020-03-2000:00:00
Gentoo Foundation
security.gentoo.org
24

0.016 Low

EPSS

Percentile

87.6%

Background

Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine.

Description

Multiple vulnerabilities have been discovered in Node.js. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could possibly write arbitrary files, cause a Denial of Service condition or can conduct HTTP request splitting attacks.

Workaround

There is no known workaround at this time.

Resolution

All Node.js <12.x users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=net-libs/nodejs-10.19.0"

All Node.js 12.x users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=net-libs/nodejs-12.15.0"
OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-libs/nodejs< 12.15.0UNKNOWN