Moderate: Red Hat Security Advisory: Red Hat OpenShift Enterprise Logging bug fix and security update (5.2.6)
An update is now available for OpenShift Logging 5.2.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in t...
Vulnerabilities fixed in node.js
Vulnerabilities have been fixed in node.js 12, 14 and 16. Due to a flaw in certificate handling, a remote malicious party could potentially manipulate traffic to an application running on node.js to gain access to sensitive data. -= Fedora =- Fedora has made...
Fedora: Security Advisory for nodejs (FEDORA-2022-78090d2099)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Fedora: Security Advisory for nodejs (FEDORA-2022-0eda327cb4)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Enterprise Logging bug fix and security update (5.3.3)
An update is now available for OpenShift Logging 5.3.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in t...
The vulnerability of the Node.js software platform, related to the use of memory after it is freed, allows a hacker to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Node.js software platform is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker who operates remotely to gain access to confidential data, compromise its integrity, and cause service failures...
generator-rest (=0.2.0), nodejsamazingenerator (>=1.0.0 <=1.70.60-stable) potentially affected by CVE-2019-10792 +1 more via bodymen (=1.1.1)
bodymen NPM version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on bodymen and may be impacted: - generator-rest =0.2.0 - nodejsamazingenerator >=1.0.0, <=1.70.60-stable Source CVEs: CVE-2019-10792, CVE-2022-25296 Source advisory:...
SUSE-SU-2022:0113-1 Security update for nodejs12
This update for nodejs12 fixes the following issues: - CVE-2021-44531: Fixed improper handling of URI Subject Alternative Names (bsc#1194511). - CVE-2021-44532: Fixed certificate Verification Bypass via String Injection (bsc#1194512). - CVE-2021-44533: Fixed incorrect handling of certificate subject an...
Improper Certificate Validation
nodejs is vulnerable to improper handling of URI Subject Alternative Names. The vulnerability exists due to insufficient validation of URI Subject Alternative Names...
Arbitrary Code Execution
nodejs is vulnerable to arbitrary code execution. An attacker can inject and execute malicious name constraints when the library uses a string format to check the validity of peer certificates against the hostname...
Prototype Pollution
nodejs is vulnerable to Prototype Pollution. The vulnerability exists due to the formatting logic of the console.table function which allows an attacker to pass to the "properties" parameter...
Engine.Io code issue vulnerability
Engine.Io is a transport-based implementation of the cross-browser/cross-device bi-directional communication layer of Socket. A code issue vulnerability exists in Engine.IO that stems from the product's failure to effectively handle exceptions raised by special HTTP requests. An attacker could us...
nodejs code injection vulnerability
nodejs is a JavaScript runtime environment based on the Chrome V8 engine. It wraps the V8 engine and uses an event-driven, non-blocking I/O model, which makes it possible to develop high-performance backend applications in JavaScript. There is a code injection vulnerabilit...
nodejs trust management issue vulnerability
nodejs is a JavaScript runtime environment based on the Chrome V8 engine. It wraps the V8 engine and uses an event-driven, non-blocking I/O model, which makes it possible to develop high-performance backend applications in JavaScript. There is a trust management issue...
nodejs trust management issue vulnerability
nodejs is a JavaScript runtime environment based on the Chrome V8 engine. It wraps the V8 engine and uses an event-driven, non-blocking I/O model, which makes it possible to develop high-performance backend applications in JavaScript. nodejs is vulnerable to trust management issues...
RHEL 7 : rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon (RHSA-2022:0041)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0041 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
GHSA-QPW2-XCHM-655Q Out-of-Bounds read in stringstream
Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream when using Node.js 4.x. WITHDRAWN: This is a duplicate of GHSA-mf6x-7mm4-x2g7...
nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes
A regular expression denial of service (ReDoS) vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes...
Updated nodejs packages fix security vulnerability
HTTP Request Smuggling due to spaces in headers. The HTTP parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). (CVE-2021-22959) HTTP Request Smuggling when parsing the body. The parser ignores chunk extensions when parsing...
Improper Privilege Management in shelljs/shelljs
Details: If ShellJS scripts running locally use the ShellJS exec function, local users on the filesystem can read the stdout of the running ShellJS process to disclose sensitive information present in the privileged process. This may leak sensitive information present in the privileged process...