new module: nodejs:16

An update is available for nodejs-nodemon, nodejs, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list This enhancement update adds the nodejs:16...

ALEA-2021:4200 new module: nodejs:16

This enhancement update adds the nodejs:16 module to AlmaLinuxas a Technology Preview. A future update will provide a Long Term Support LTS version of Node.js 16, which will be fully supported. BZ1953991 For detailed information on changes in this release, see the AlmaLinux Release Notes linked...

Rocket.Chat: Unintended information disclosure in the Hubot Log files

Dear Rocket.Chat Team While inspecting our logs I noticed, that the OAuth Tokens are leaked in plaintext in the logs. I wanted to draw your attention to this, as this is a security vulnerability. See the attached Screenshot for a redacted log excerpt. In my opinion, the best approach here would b...

Json-Ptr type obfuscation vulnerability

Json-Ptr is a full implementation of Json pointer Rfc 6901 for Nodejs and modern browsers. a security vulnerability exists in Json-Ptr, which stems from a design or implementation impropriety in the code development process of a web system or product. No details of the vulnerability are currently...

json-ptr 安全漏洞

Json-Ptr is a full implementation of Json pointer Rfc 6901 for Nodejs and modern browsers. a security vulnerability exists in Json-Ptr, which stems from a design or implementation impropriety in the code development process of a web system or product. No details of the vulnerability are currently...

OESA-2021-1409 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

Fedora: Security Advisory for nodejs (FEDORA-2021-9818cabe0d)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for nodejs (FEDORA-2021-9807b754d9)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for nodejs (FEDORA-2021-cbad295a90)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

UBUNTU-CVE-2021-42740

The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...

[ASA-202110-5] nodejs-lts-fermium: multiple issues

Arch Linux Security Advisory ASA-202110-5 ========================================= Severity: High Date : 2021-10-21 CVE-ID : CVE-2021-22939 CVE-2021-22940 CVE-2021-22959 CVE-2021-22960 Package : nodejs-lts-fermium Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2284...

Important: Red Hat Security Advisory: Red Hat Quay v3.6.0 security, bug fix and enhancement update

An update is now available for Red Hat Quay 3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

HTTP Request Smuggling (HRS)

nodejs is vulnerable to HTTP Request Smuggling HRS. The vulnerability exists due to an error related to a space in headers which allows an attacker to poison the web cache, bypassing the web application...

Nodejs Core 环境问题漏洞

Nodejs Core is a core module compiled into Nodejs from the OpenJS Openjs Foundation. The module provides underlying TCP, HTTP, DNS, filesystem, subprocessing, and other functionality support for Nodejs. An environmental issue vulnerability exists in Nodejs Core that stems from an attacker being...

Path traversal

keypair is a a RSA PEM key generator written in javascript. keypair implements a lot of cryptographic primitives on its own or by borrowing from other libraries where possible, including node-forge. An issue was discovered where this library was generating identical RSA keys used in SSH. This wou...

CVE-2021-41117 Insecure random number generation

keypair is a a RSA PEM key generator written in javascript. keypair implements a lot of cryptographic primitives on its own or by borrowing from other libraries where possible, including node-forge. An issue was discovered where this library was generating identical RSA keys used in SSH. This wou...

AZL-6742 CVE-2021-22930 affecting package nodejs for versions less than 16.14.0-1

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior...

MGASA-2021-0463 Updated nodejs packages fix security vulnerability

Multiple security fixes for nodejs. See references for details...

Fastify: 1-click DOS in fastify-static via directly passing user's input to new URL() of NodeJS without try/catch

Summary: When fastify-static is mounted at root and registered the option redirect: true default of redirect option is false, the following line directly feed user's input which is req.raw.url to URL API without try/catch: https://github.com/fastify/fastify-static/blob/master/index.jsL439. A remo...

inflect vulnerable to Inefficient Regular Expression Complexity

inflect is customizable inflections for nodejs. inflect is vulnerable to Inefficient Regular Expression Complexity...