Lucene search
Gentoo FoundationMGASA-2021-0069HistoryFeb 05, 2021 - 2:54 p.m.
Updated nodejs packages fix security vulnerabilities
2021-02-0514:54:53
Gentoo Foundation
advisories.mageia.org
11
0.008 Low
EPSS
Percentile
81.7%
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits. (CVE-2020-8265). Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling. (CVE-2020-8287).
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 7 | noarch | nodejs | < 10.23.1-10 | nodejs-10.23.1-10.mga7 |
Related
debian
debian
[SECURITY] [DSA 4826-1] nodejs security update
2021-01-06 22:02:51
[SECURITY] [DLA 3224-1] http-parser security update
2022-12-05 13:04:06
openvas
openvas
Mageia: Security Advisory (MGASA-2021-0069)
2022-01-28 00:00:00
Fedora: Security Advisory for nodejs (FEDORA-2021-fb1a136393)
2021-01-11 00:00:00
Debian: Security Advisory (DSA-4826-1)
2021-01-08 00:00:00
archlinux
archlinux
[ASA-202101-13] nodejs-lts-dubnium: multiple issues
2021-01-12 00:00:00
[ASA-202101-16] nodejs: multiple issues
2021-01-12 00:00:00
[ASA-202101-15] nodejs-lts-fermium: multiple issues
2021-01-12 00:00:00
nessus
nessus
Debian DSA-4826-1 : nodejs - security update
2021-01-11 00:00:00
Fedora 33 : 1:nodejs (2021-fb1a136393)
2021-01-11 00:00:00
SUSE SLES12 Security Update : nodejs14 (SUSE-SU-2021:0107-1)
2021-01-14 00:00:00
osv
osv
nodejs - security update
2021-01-06 00:00:00
BIT-node-2020-8265
2024-03-06 11:07:41
CVE-2020-8265
2021-01-06 21:15:14
ibm
ibm
Security Bulletin: Vulnerabilities in Node.js in IBM DataPower Gateway
2021-08-16 15:05:23
fedora
fedora
[SECURITY] Fedora 33 Update: nodejs-14.15.4-1.fc33
2021-01-10 01:28:45
[SECURITY] Fedora 32 Update: nodejs-12.20.1-1.fc32
2021-01-16 01:23:44
nodejsblog
nodejsblog
January 2021 Security Releases
2021-01-04 00:00:00
suse
suse
Security update for nodejs14 (moderate)
2021-01-15 00:00:00
Security update for nodejs10 (moderate)
2021-01-15 00:00:00
Security update for nodejs10 (moderate)
2021-01-16 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package node version 14.15.4-alt1
2021-02-05 00:00:00
Security fix for the ALT Linux 10 package node version 14.15.4-alt1
2021-02-05 00:00:00
freebsd
freebsd
Node.js -- January 2021 Security Releases
2021-01-04 00:00:00
cve
cve
CVE-2020-8265
2021-01-06 21:15:00
CVE-2020-8287
2021-01-06 21:15:00
redhatcve
redhatcve
CVE-2020-8265
2021-01-05 13:14:24
CVE-2020-8287
2021-01-05 14:33:28
ubuntucve
ubuntucve
CVE-2020-8265
2021-01-06 00:00:00
CVE-2020-8287
2021-01-06 00:00:00
hackerone
hackerone
Node.js: Node.js: use-after-free in TLSWrap
2020-09-22 12:49:41
Node.js: Potential HTTP Request Smuggling in nodejs
2020-10-08 05:24:20
cvelist
cvelist
CVE-2020-8265
2021-01-06 21:01:15
CVE-2020-8287
2021-01-06 00:00:00
photon
photon
alpinelinux
alpinelinux
CVE-2020-8265
2021-01-06 21:15:00
CVE-2020-8287
2021-01-06 21:15:00
prion
prion
Design/Logic Flaw
2021-01-06 21:15:00
Design/Logic Flaw
2021-01-06 21:15:00
veracode
veracode
Use After Free
2021-01-07 04:10:07
HTTP Request Smuggling
2021-01-06 04:57:20
debiancve
debiancve
CVE-2020-8265
2021-01-06 21:15:00
CVE-2020-8287
2021-01-06 21:15:00
githubexploit
githubexploit
Exploit for HTTP Request Smuggling in Nodejs Node.Js
2021-01-05 02:09:23
mageia
mageia
Updated http-parser packages fix security vulnerability
2022-10-28 09:54:08
ubuntu
ubuntu
http-parser vulnerability
2022-08-10 00:00:00
Node.js vulnerabilities
2023-09-19 00:00:00
oraclelinux
oraclelinux
nodejs:12 security update
2021-02-20 00:00:00
nodejs:14 security and bug fix update
2021-02-20 00:00:00
nodejs:10 security update
2021-02-20 00:00:00
almalinux
almalinux
Moderate: nodejs:12 security update
2021-02-16 07:34:29
Moderate: nodejs:14 security and bug fix update
2021-02-16 07:34:42
Moderate: nodejs:10 security update
2021-02-16 07:34:15
ics
ics
Hitachi Energy Gateway Station (GWS) Product
2022-08-30 12:00:00
Hitachi Energy FACTS Control Platform (FCP) Product
2022-08-30 12:00:00
Hitachi Energy MicroSCADA Pro/X SYS600
2022-04-21 12:00:00
redhat
redhat
(RHSA-2021:0485) Moderate: rh-nodejs12-nodejs security update
2021-02-11 13:08:55
(RHSA-2021:0549) Moderate: nodejs:12 security update
2021-02-16 07:34:29
(RHSA-2021:0551) Moderate: nodejs:14 security and bug fix update
2021-02-16 07:34:42
rocky
rocky
nodejs:14 security and bug fix update
2021-02-16 07:34:42
nodejs:12 security update
2021-02-16 07:34:29
nodejs:10 security update
2021-02-16 07:34:15
gentoo
gentoo
NodeJS: Multiple vulnerabilities
2021-01-11 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2021
2021-01-19 00:00:00