18 matches found
MiracleLinux 8 : nodejs:16 (AXSA:2022-3781:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3781:01 advisory. npm: npm ci succeeds when package-lock.json doesn't match package.json CVE-2021-43616 Tenable has extracted the preceding description block directly from the...
Linux Distros Unpatched Vulnerability : CVE-2021-43616
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json...
CentOS 9 : nodejs-16.16.0-1.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the nodejs-16.16.0-1.el9 build changelog. - Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs...
Rocky Linux 8 : nodejs:16 (RLSA-2022:4796)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:4796 advisory. - DISPUTED The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from...
BELL-CVE-2021-43616 CVE-2021-43616 does not affect BellSoft software
Bulletin has no description...
Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities
Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...
Amazon Linux 2022 : nodejs (ALAS2022-2022-214)
The version of nodejs installed on the remote host is prior to 18.4.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-214 advisory. - The parser in accepts requests with a space SP right after the header name before the colon. This can lead to HTTP...
Amazon Linux 2022 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2022-2022-048)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-048 advisory. A flaw was found in npm. The npm ci command proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the...
AlmaLinux 8 : nodejs:16 (ALSA-2022:4796)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:4796 advisory. npm: npm ci succeeds when package-lock.json doesn't match package.json CVE-2021-43616 Tenable has extracted the preceding description block directly from the...
Important: Red Hat Security Advisory: nodejs:16 security update
An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: nodejs:16 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: npm: npm ci succeeds when package-lock.json doesn't match package.json CVE-2021-43616 For more details about the security issues, including the...
RLSA-2022:4796 Important: nodejs:16 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: npm: npm ci succeeds when package-lock.json doesn't match package.json CVE-2021-43616 For more details about the security issues, including the...
ALSA-2022:4796 Important: nodejs:16 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: npm: npm ci succeeds when package-lock.json doesn't match package.json CVE-2021-43616 For more details about the security issues, including the...
nodejs:16 security update
nodejs 1:16.14.0-4 - Apply lock file validation fixes - Resolves CVE-2021-43616 - Resolves: RHBZ2070012...
Oracle Linux 8 : nodejs:16 (ELSA-2022-4796)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-4796 advisory. - Resolves CVE-2021-43616 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not teste...
CentOS 8 : nodejs:16 (CESA-2022:4796)
The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2022:4796 advisory. - npm: npm ci succeeds when package-lock.json doesn't match package.json CVE-2021-43616 Note that Nessus has not tested for this issue but has instead relied on...
Fedora: Security Advisory for nodejs (FEDORA-2022-97b214b298)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2021-43616
CVE-2021-43616 describes a behavior in the npm CLI where running the npm ci command (npm 7.x and 8.x up to 8.1.3) proceeds with installation even if dependency information in package-lock.json differs from package.json. The description notes this is inconsistent with the documentation and could a...