Lucene search
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2021-2620-1.NASLHistoryAug 06, 2021 - 12:00 a.m.
SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2021:2620-1)
2021-08-0600:00:00
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2620-1 advisory.
-
The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution. (CVE-2020-7774)
-
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes localhost6. When localhost6 is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim’s DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the localhost6 domain. As long as the attacker uses the localhost6 domain, they can still apply the attack described in CVE-2018-7160. (CVE-2021-22884)
-
The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity. (CVE-2021-23362)
-
ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option. (CVE-2021-27290)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2021:2620-1. The text itself
# is copyright (C) SUSE.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(152251);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/13");
script_cve_id(
"CVE-2020-7774",
"CVE-2021-22884",
"CVE-2021-23362",
"CVE-2021-27290"
);
script_xref(name:"SuSE", value:"SUSE-SU-2021:2620-1");
script_xref(name:"IAVB", value:"2021-B-0041-S");
script_name(english:"SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2021:2620-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as
referenced in the SUSE-SU-2021:2620-1 advisory.
- The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution. (CVE-2020-7774)
- Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the
whitelist includes localhost6. When localhost6 is not present in /etc/hosts, it is just an ordinary
domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or
can spoof its responses, the DNS rebinding protection can be bypassed by using the localhost6 domain. As
long as the attacker uses the localhost6 domain, they can still apply the attack described in
CVE-2018-7160. (CVE-2021-22884)
- The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS)
via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression
exhibits polynomial worst-case time complexity. (CVE-2021-23362)
- ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a
denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of
service. This issue only affects consumers using the strict option. (CVE-2021-27290)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1182620");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1184450");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187976");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187977");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-7774");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-22884");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-23362");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-27290");
# https://lists.suse.com/pipermail/sle-security-updates/2021-August/009256.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b9adca25");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-7774");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/11/17");
script_set_attribute(attribute:"patch_publication_date", value:"2021/08/05");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/08/06");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nodejs-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nodejs8");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nodejs8-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nodejs8-docs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:npm8");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)(?:_SAP)?\d+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES15|SLES_SAP15)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);
var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(0|1|2)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES15 SP0/1/2", os_ver + " SP" + service_pack);
if (os_ver == "SLES_SAP15" && (! preg(pattern:"^(0|1)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES_SAP15 SP0/1", os_ver + " SP" + service_pack);
var pkgs = [
{'reference':'nodejs-common-2.0-3.2.1', 'sp':'0', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},
{'reference':'nodejs8-8.17.0-3.47.2', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},
{'reference':'nodejs8-devel-8.17.0-3.47.2', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},
{'reference':'nodejs8-docs-8.17.0-3.47.2', 'sp':'0', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},
{'reference':'npm8-8.17.0-3.47.2', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},
{'reference':'nodejs-common-2.0-3.2.1', 'sp':'1', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
{'reference':'nodejs8-8.17.0-3.47.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
{'reference':'nodejs8-devel-8.17.0-3.47.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
{'reference':'nodejs8-docs-8.17.0-3.47.2', 'sp':'1', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
{'reference':'npm8-8.17.0-3.47.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
{'reference':'nodejs-common-2.0-3.2.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},
{'reference':'nodejs8-8.17.0-3.47.2', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},
{'reference':'nodejs8-8.17.0-3.47.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},
{'reference':'nodejs8-devel-8.17.0-3.47.2', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},
{'reference':'nodejs8-devel-8.17.0-3.47.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},
{'reference':'nodejs8-docs-8.17.0-3.47.2', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},
{'reference':'npm8-8.17.0-3.47.2', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},
{'reference':'npm8-8.17.0-3.47.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},
{'reference':'nodejs-common-2.0-3.2.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},
{'reference':'nodejs-common-2.0-3.2.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},
{'reference':'nodejs8-8.17.0-3.47.2', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},
{'reference':'nodejs8-8.17.0-3.47.2', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},
{'reference':'nodejs8-8.17.0-3.47.2', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},
{'reference':'nodejs8-8.17.0-3.47.2', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},
{'reference':'nodejs8-devel-8.17.0-3.47.2', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},
{'reference':'nodejs8-devel-8.17.0-3.47.2', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},
{'reference':'nodejs8-devel-8.17.0-3.47.2', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},
{'reference':'nodejs8-devel-8.17.0-3.47.2', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},
{'reference':'nodejs8-docs-8.17.0-3.47.2', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},
{'reference':'nodejs8-docs-8.17.0-3.47.2', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},
{'reference':'npm8-8.17.0-3.47.2', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},
{'reference':'npm8-8.17.0-3.47.2', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},
{'reference':'npm8-8.17.0-3.47.2', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},
{'reference':'npm8-8.17.0-3.47.2', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},
{'reference':'nodejs-common-2.0-3.2.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},
{'reference':'nodejs8-8.17.0-3.47.2', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
{'reference':'nodejs8-8.17.0-3.47.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
{'reference':'nodejs8-devel-8.17.0-3.47.2', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
{'reference':'nodejs8-devel-8.17.0-3.47.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
{'reference':'nodejs8-docs-8.17.0-3.47.2', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},
{'reference':'npm8-8.17.0-3.47.2', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
{'reference':'npm8-8.17.0-3.47.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
{'reference':'nodejs-common-2.0-3.2.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-web-scripting-release-15.2']},
{'reference':'nodejs8-8.17.0-3.47.2', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},
{'reference':'nodejs8-devel-8.17.0-3.47.2', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},
{'reference':'npm8-8.17.0-3.47.2', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},
{'reference':'nodejs8-8.17.0-3.47.2', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},
{'reference':'nodejs8-devel-8.17.0-3.47.2', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},
{'reference':'npm8-8.17.0-3.47.2', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']}
];
var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var exists_check = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && _release) {
if (exists_check) {
var check_flag = 0;
foreach var check (exists_check) {
if (!rpm_exists(release:_release, rpm:check)) continue;
if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;
check_flag++;
}
if (!check_flag) continue;
}
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
var ltss_plugin_caveat = NULL;
if(ltss_caveat_required) ltss_plugin_caveat = '\n' +
'NOTE: This vulnerability check contains fixes that apply to\n' +
'packages only available in SUSE Enterprise Linux Server LTSS\n' +
'repositories. Access to these package security updates require\n' +
'a paid SUSE LTSS subscription.\n';
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get() + ltss_plugin_caveat
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nodejs-common / nodejs8 / nodejs8-devel / nodejs8-docs / npm8');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | suse_linux | nodejs-common | p-cpe:/a:novell:suse_linux:nodejs-common |
| novell | suse_linux | nodejs8 | p-cpe:/a:novell:suse_linux:nodejs8 |
| novell | suse_linux | nodejs8-devel | p-cpe:/a:novell:suse_linux:nodejs8-devel |
| novell | suse_linux | nodejs8-docs | p-cpe:/a:novell:suse_linux:nodejs8-docs |
| novell | suse_linux | npm8 | p-cpe:/a:novell:suse_linux:npm8 |
| novell | suse_linux | 15 | cpe:/o:novell:suse_linux:15 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7774
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22884
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23362
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27290
www.nessus.org/u?b9adca25
bugzilla.suse.com/1182620
bugzilla.suse.com/1184450
bugzilla.suse.com/1187976
bugzilla.suse.com/1187977
www.suse.com/security/cve/CVE-2020-7774
www.suse.com/security/cve/CVE-2021-22884
www.suse.com/security/cve/CVE-2021-23362
www.suse.com/security/cve/CVE-2021-27290
Related
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2021:2620-1)
2021-08-06 00:00:00
Mageia: Security Advisory (MGASA-2021-0372)
2022-01-28 00:00:00
openSUSE: Security Advisory for nodejs8 (openSUSE-SU-2021:2618-1)
2021-08-07 00:00:00
suse
suse
Security update for nodejs8 (important)
2021-08-05 00:00:00
Security update for nodejs8 (important)
2021-08-10 00:00:00
Security update for nodejs14 (important)
2021-07-15 00:00:00
nessus
nessus
SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2021:2618-1)
2021-08-06 00:00:00
openSUSE 15 Security Update : nodejs8 (openSUSE-SU-2021:2618-1)
2021-08-06 00:00:00
openSUSE 15 Security Update : nodejs8 (openSUSE-SU-2021:1113-1)
2021-08-11 00:00:00
mageia
mageia
Updated nodejs packages fix security vulnerabilities
2021-07-25 17:45:06
Updated nodejs packages fix security vulnerabilities
2021-03-01 02:16:12
hackerone
hackerone
ubuntucve
ubuntucve
debiancve
debiancve
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container images may be vulnerable to Denial of Service attacks due to CVE-2021-23362 and CVE-2021-27290
2021-10-07 10:27:14
prion
prion
Code injection
2021-03-03 18:15:00
Design/Logic Flaw
2021-03-12 22:15:00
Remote code execution
2018-05-17 14:29:00
osv
osv
CVE-2021-22884
2021-03-03 18:15:14
BIT-node-2021-22884
2024-03-06 11:07:03
Moderate: nodejs:14 security, bug fix, and enhancement update
2021-08-10 12:00:51
cve
cve
alpinelinux
alpinelinux
redhatcve
redhatcve
almalinux
almalinux
Moderate: nodejs:14 security, bug fix, and enhancement update
2021-08-10 12:00:51
Moderate: nodejs:12 security, bug fix, and enhancement update
2021-08-10 12:00:47
Important: nodejs:12 security update
2021-03-04 15:17:37
archlinux
archlinux
[ASA-202107-13] nodejs: multiple issues
2021-07-06 00:00:00
[ASA-202107-33] nodejs-lts-erbium: multiple issues
2021-07-20 00:00:00
[ASA-202107-32] nodejs-lts-fermium: multiple issues
2021-07-20 00:00:00
oraclelinux
oraclelinux
nodejs:14 security, bug fix, and enhancement update
2021-08-12 00:00:00
nodejs:12 security, bug fix, and enhancement update
2021-08-12 00:00:00
nodejs:12 security update
2021-03-05 00:00:00
rocky
rocky
nodejs:14 security, bug fix, and enhancement update
2021-08-10 12:00:51
nodejs:12 security, bug fix, and enhancement update
2021-08-10 12:00:47
nodejs:14 security and bug fix update
2021-03-08 09:55:44
redhat
redhat
freebsd
freebsd
Node.js -- July 2021 Security Releases
2021-07-01 00:00:00
Node.js -- February 2021 Security Releases
2021-02-23 00:00:00
nodejsblog
nodejsblog
February 2021 Security Releases
2021-02-23 00:00:00
July 2021 Security Releases
2021-07-01 00:00:00
github
github
Regular Expression Denial of Service in hosted-git-info
2021-05-06 16:10:39
Regular Expression Denial of Service (ReDoS)
2021-03-19 21:24:36
Withdrawn Advisory: Node.js Inspector RCE via DNS Rebinding
2022-05-13 01:08:23
f5
f5
K63025104 : NodeJS vulnerability CVE-2018-7160
2019-11-25 00:00:00
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2021-03-24 04:03:06
DNS Rebinding
2018-05-09 08:26:57
DNS Rebinding
2021-02-24 17:20:17
nodejs
nodejs
Regular Expression Denial of Service
2021-05-06 16:15:08
Prototype Pollution
2021-03-12 23:16:43
ubuntu
ubuntu
hosted-git-info vulnerability
2022-09-02 00:00:00
huntr
huntr
Prototype Pollution in yargs/y18n
2020-10-15 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package node version 14.16.0-alt1
2021-02-23 00:00:00
Related for SUSE_SU-2021-2620-1.NASL