Important Photon OS Security Update - PHSA-2022-0164

Updates of 'nodejs' packages of Photon OS have been released...

Important Photon OS Security Update - PHSA-2022-4.0-0164

Updates of 'nodejs' packages of Photon OS have been released...

Mageia: Security Advisory (MGASA-2022-0103)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated nodejs-tar packages fix security vulnerability

Untrusted tar file to symlink into an arbitrary location allowing file overwrites. CVE-2021-37712 Arbitrary file creation/overwrite and arbitrary code execution. CVE-2021-37701 Arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. CVE-2021-32803 Arbitrary File...

MGASA-2022-0103 Updated nodejs-tar packages fix security vulnerability

Untrusted tar file to symlink into an arbitrary location allowing file overwrites. CVE-2021-37712 Arbitrary file creation/overwrite and arbitrary code execution. CVE-2021-37701 Arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. CVE-2021-32803 Arbitrary File...

CVE-2022-21824 affecting package nodejs 14.18.1-1

CVE-2022-21824 affecting package nodejs 14.18.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2021-44532 affecting package nodejs 14.18.1-1

CVE-2021-44532 affecting package nodejs 14.18.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2021-44531 affecting package nodejs 14.18.1-1

CVE-2021-44531 affecting package nodejs 14.18.1-1. An upgraded version of the package is available that resolves this issue...

OESA-2022-1584 nodejs-fstream security update

Provides advanced file system stream objects for Node.js. These objects are like FS streams, but with stat on them, and support directories and symbolic links, as well as normal files. Also, you can use them to set the stats on a file, even if you don't change its contents, or to create a symlink...

generator-rest (=0.2.0), nodejsamazingenerator (>=1.0.0 <=1.70.60-stable) potentially affected by CVE-2022-25296 via bodymen (=1.1.1)

bodymen NPM version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on bodymen and may be impacted: - generator-rest =0.2.0 - nodejsamazingenerator =1.0.0, =1.70.60-stable Source cves: CVE-2022-25296 Source advisory: OSV:GHSA-VHXC-FHM5-QCP9...

? before the @ sign allows one to bypass whitelists

Description ? before the @ sign in HTTP URLs allows one to bypass whitelists Proof of Concept Convince NodeJS HTTP client to make a request to 127.0.0.1 bypassing a google.com whitelist. const parse = require'parse-url' const http = require'http' const url = parse"http://[email protected]" if...

OESA-2022-1544 nodejs-grunt security update

Grunt is the JavaScript task runner. Why use a task runner? In one word: automation. The less work you have to do when performing repetitive tasks like minification, compilation, unit testing, linting, etc, the easier your job becomes. After you've configured it, a task runner can do most of that...

OESA-2022-1546 nodejs-jison security update

A parser generator with Bison's API. Security Fixes: Insufficient input validation in npm package jison = 0.4.18 may lead to OS command injection attacks.CVE-2020-8178...

openSUSE 15 Security Update : nodejs-electron (openSUSE-SU-2022:0070-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0070-1 advisory. - Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who convinced the user the visit a...

Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.3.6 security updates and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.3.6 General Availability release images, which provide security updates and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a...

The vulnerability of the `__proto__.write()` function in the Node.js interpreter, related to buffer overflow in the queue, allows a malicious actor to trigger a service failure.

The vulnerability of the proto.write function in the Node.js interpreter is related to buffer overflow in the queue. Exploiting this vulnerability could allow an attacker to cause a denial-of-service attack...

Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.2 security updates and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.4.2 General Availability release images. This update provides security fixes, fixes bugs, and updates the container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

OPENSUSE-SU-2022:0070-1 Security update for nodejs-electron

This update for nodejs-electron fixes the following issues: - Fix webpack-4 with OpenSSL 3.0 Update to version 16.0.9 https://github.com/electron/electron/releases/tag/v16.0.9 Update to version 16.0.8 https://github.com/electron/electron/releases/tag/v16.0.8 - Add devel package with node headers...

Security update for nodejs-electron (important)

openSUSE Security Update: Security update for nodejs-electron Announcement ID: openSUSE-SU-2022:0070-1 Rating: important References: Cross-References: CVE-2021-30625 CVE-2021-30626 CVE-2021-30627 CVE-2021-30628 CVE-2021-30630 CVE-2021-30631 CVE-2021-30632 CVE-2021-30633 CVE-2021-37981...

feling87-nodejs-libs (>=0.0.1 <=0.0.3) potentially affected by CVE-2022-24717 via @finastra/ssr-pages (=0.1.3)

@finastra/ssr-pages NPM version =0.1.3 is affected by a known vulnerability. The following packages have a transitive dependency on @finastra/ssr-pages and may be impacted: - feling87-nodejs-libs =0.0.1, =0.0.3 Source cves: CVE-2022-24717 Source advisory: OSV:GHSA-7F63-H6G3-7CWM...