4420 matches found
Moderate Photon OS Security Update - PHSA-2022-4.0-0262
Updates of 'nodejs' packages of Photon OS have been released...
Malicious Package
Overview: @moonactive-innersource/ins-profiles-service-sdk-nodejs is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore,...
DEBIAN-CVE-2022-37616
A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom published as @xmldom/xmldom package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the positio...
AZL-38290 CVE-2022-37616 affecting package python-tensorboard for versions less than 2.16.2-1
A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom published as @xmldom/xmldom package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the positio...
UBUNTU-CVE-2022-37616
A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom published as @xmldom/xmldom package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the positio...
The vulnerability of the Node.js software platform, related to errors in the implementation of authentication procedures, allows attackers to disclose sensitive information that should be protected.
The vulnerability of the Node.js software platform is related to errors in the implementation of authentication procedures. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information that is protected by the system...
SUSE-SU-2022:3524-1 Security update for nodejs16
This update for nodejs16 fixes the following issues: Updated to version 16.17.1: - CVE-2022-32213: Fixed bypass via obs-fold mechanic (bsc#1201325). - CVE-2022-32215: Fixed incorrect Parsing of Multi-line Transfer-Encoding (bsc#1201327). - CVE-2022-35256: Fixed incorrect Parsing of Header Fields...
DLA-3137-1 nodejs - security update
Bulletin has no description...
Mageia: Security Advisory (MGASA-2022-0354)
The remote host is missing an update for the...
Updated nodejs packages fix security vulnerability
DNS rebinding in --inspect on macOS (CVE-2022-32212). Bypass via obs-fold mechanic (CVE-2022-32213). HTTP Request Smuggling Due to Incorrect Parsing of Header Fields (CVE-2022-35256)...
isolated-vm has vulnerable CachedDataOptions in API
Impact: If the untrusted v8 cached data is passed to the API through CachedDataOptions, the attackers can bypass the sandbox and run arbitrary code in the nodejs process. Version 4.3.7 changes the documentation to warn users that they should not accept cachedData payloads from a user...
GHSA-2JJQ-X548-RHPV isolated-vm has vulnerable CachedDataOptions in API
Impact: If the untrusted v8 cached data is passed to the API through CachedDataOptions, the attackers can bypass the sandbox and run arbitrary code in the nodejs process. Version 4.3.7 changes the documentation to warn users that they should not accept cachedData payloads from a user...
CVE-2022-39266
isolated-vm is a library for nodejs which gives the user access to v8's Isolate interface. In versions 4.3.6 and prior, if the untrusted v8 cached data is passed to the API through CachedDataOptions, attackers can bypass the sandbox and run arbitrary code in the nodejs process. Version 4.3.7...
Design/Logic Flaw
isolated-vm is a library for nodejs which gives the user access to v8's Isolate interface. In versions 4.3.6 and prior, if the untrusted v8 cached data is passed to the API through CachedDataOptions, attackers can bypass the sandbox and run arbitrary code in the nodejs process. Version 4.3.7...
CVE-2022-39266 isolated-vm has vulnerable CachedDataOptions in API
isolated-vm is a library for nodejs which gives the user access to v8's Isolate interface. In versions 4.3.6 and prior, if the untrusted v8 cached data is passed to the API through CachedDataOptions, attackers can bypass the sandbox and run arbitrary code in the nodejs process. Version 4.3.7...
CVE-2022-39266
CVE-2022-39266 affects the isolated-vm library for Node.js. The root cause is that in versions up to 4.3.6, passing untrusted V8 cached data via CachedDataOptions can bypass the sandbox and allow arbitrary code execution in the Node.js process. Multiple connected documents confirm the issue and p...
CVE-2022-35256
A vulnerability was found in NodeJS due to improper validation of HTTP requests. The llhttp parser in the HTTP module in Node.js does not correctly handle header fields that are not terminated with CRLF. This issue may result in HTTP Request Smuggling. This flaw allows a remote attacker to send a...
OESA-2022-1933 nodejs security update
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
Security Bulletin: A security vulnerability in Nodejs follow-redirects affects IBM Cloud Pak for Multicloud Management Managed Services
Summary: A security vulnerability in Nodejs follow-redirects affects IBM Cloud Pak for Multicloud Management Managed Services. Vulnerability Details: CVEID: CVE-2022-0536 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused b...