
4402 matches found

CNNVD
added 2021/02/10 12:00 a.m., 7 views

Node.js samba-client Command Injection Vulnerability

Node.js is an open source, cross-platform JavaScript runtime environment. A command injection vulnerability exists in samba-client for Node.js before version 4.0.0, which stems from the use of process.exec...

CVSS 9.8, AI score 7.3, EPSS 0.04831
Exploits 1, References 6

vulnersOsv
added 2021/02/05 1:48 p.m., 4 views

@glossgenius/eslint-config (>=1.0.2 <=1.0.7), @halonext/nestjs-express-cassandra (>=7.0.0 <=7.1.0) +7 more potentially affected by CVE-2021-26707 via merge-deep (>=3.0.0 <=3.0.2)

merge-deep NPM version =3.0.0, =1.0.2, =7.0.0, =5.2.0, =6.0.1, =0.0.1, =0.1.0, =0.0.11, =1.0.0, =1.2.4 Source cves: CVE-2021-26707 Source advisory: SNYK:JS-MERGEDEEP-1070277...

CVSS 9.8, AI score 7.2, EPSS 0.01901
Exploits 0

OSV
added 2021/02/05 11:54 a.m., 9 views

MGASA-2021-0068 Updated nodejs-ini package fixes a security vulnerability

It was discovered that there was an issue in nodejs-ini, where an application could be exploited by a malicious input file. This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on th...

CVSS 9.8, AI score 8.3, EPSS 0.03612
Exploits 1, References 3

Mageia
added 2021/02/05 11:54 a.m., 49 views

Updated nodejs-ini package fixes a security vulnerability

It was discovered that there was an issue in nodejs-ini, where an application could be exploited by a malicious input file. This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on th...

CVSS 9.8, AI score 4, EPSS 0.03612
Exploits 1, References 2

ALT Linux
added 2021/02/05 12:00 a.m., 49 views

Security fix for the ALT Linux 10 package node version 14.15.4-alt1

Feb. 5, 2021 Vitaly Lipatov 14.15.4-alt1 - new version 14.15.4 with rpmrb script - CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference High - CVE-2020-8265: use-after-free in TLSWrap High - CVE-2020-8287: HTTP Request Smuggling in nodejs Low...

CVSS 6.8, AI score 7.4, EPSS 0.16296
Exploits 6

RedHat Linux
added 2021/02/04 5:20 p.m., 1 view

nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function

A flaw was found in nodejs-ajv. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code...

CVSS 6.8, AI score 7.5, EPSS 0.02313
Exploits 0, References 5

RedHat Linux
added 2021/02/04 1:36 p.m., 1 view

nodejs-angular: XSS due to regex-based HTML replacement

A XSS flaw was found in nodejs-angular. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "" elements in "" ones changes parsing behavior, leading to possibly unsanitizing code...

CVSS 5.4, AI score 7.1, EPSS 0.02142
Exploits 0, References 5

OSV
added 2021/02/01 8:15 p.m., 5 views

AZL-75813 CVE-2020-28493 affecting package nodejs24 for versions less than 24.13.0-1

This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the punctuationre regex operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to...

CVSS 5.3, AI score 6.7, EPSS 0.03546
Exploits 1, References 1

OSV
added 2021/02/01 8:15 p.m., 4 views

AZL-40857 CVE-2020-28493 affecting package nodejs for versions less than 20.14.0-1

This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the punctuationre regex operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to...

CVSS 5.3, AI score 6.7, EPSS 0.03546
Exploits 1, References 1

Tenable Nessus
added 2021/02/01 12:00 a.m., 39 views

CentOS 8 : nodejs:12 (CESA-2020:0598)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:0598 advisory. - nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string CVE-2019-15604 - nodejs: HTTP request smuggling using...

CVSS 9.8, AI score 7.7, EPSS 0.57132
Exploits 2, References 4

Tenable Nessus
added 2021/02/01 12:00 a.m., 69 views

CentOS 8 : nodejs:10 (CESA-2020:0579)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:0579 advisory. - nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string CVE-2019-15604 - nodejs: HTTP request smuggling using...

CVSS 9.8, AI score 7.2, EPSS 0.57132
Exploits 2, References 7

Tenable Nessus
added 2021/02/01 12:00 a.m., 36 views

CentOS 8 : nodejs:12 (CESA-2020:1293)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:1293 advisory. - ICU: Integer overflow in UnicodeString::doAppend CVE-2020-10531 Note that Nessus has not tested for this issue but has instead relied only on the application'...

CVSS 8.8, AI score 7.6, EPSS 0.02669
Exploits 0, References 2

Tenable Nessus
added 2021/02/01 12:00 a.m., 247 views

CentOS 8 : nodejs:10 (CESA-2020:2848)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:2848 advisory. - nghttp2: overly large SETTINGS frames can lead to DoS CVE-2020-11080 - nodejs-minimist: prototype pollution allows adding or modifying properties of...

CVSS 9.3, AI score 7.5, EPSS 0.07646
Exploits 3, References 4

Tenable Nessus
added 2021/02/01 12:00 a.m., 56 views

CentOS 8 : nodejs:12 (CESA-2020:5499)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:5499 advisory. - nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function CVE-2020-15366 - nodejs-yargs-parser: prototype pollution...

CVSS 9.8, AI score 7, EPSS 0.69062
Exploits 2, References 5

Tenable Nessus
added 2021/02/01 12:00 a.m., 41 views

CentOS 8 : nodejs:12 (CESA-2020:2852)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:2852 advisory. - nghttp2: overly large SETTINGS frames can lead to DoS CVE-2020-11080 - nodejs-minimist: prototype pollution allows adding or modifying properties of...

CVSS 9.3, AI score 7.6, EPSS 0.07646
Exploits 4, References 5

Tenable Nessus
added 2021/02/01 12:00 a.m., 38 views

CentOS 8 : nodejs:12 (CESA-2020:4272)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4272 advisory. - npm: sensitive information exposure through logs CVE-2020-15095 - nodejs-dot-prop: prototype pollution CVE-2020-8116 - nodejs: HTTP request smuggling...

CVSS 7.8, AI score 7.4, EPSS 0.05093
Exploits 1, References 5

Tenable Nessus
added 2021/02/01 12:00 a.m., 28 views

CentOS 8 : nodejs:10 (CESA-2020:1317)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:1317 advisory. - ICU: Integer overflow in UnicodeString::doAppend CVE-2020-10531 Note that Nessus has not tested for this issue but has instead relied only on the application'...

CVSS 8.8, AI score 7.6, EPSS 0.02669
Exploits 0, References 2

Tenable Nessus
added 2021/01/29 12:00 a.m., 63 views

CentOS 8 : nodejs:10 (CESA-2019:2925)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:2925 advisory. - nodejs: Insufficient Slowloris fix causing DoS via server.headersTimeout bypass CVE-2019-5737 - HTTP/2: large amount of data requests leads to denial...

CVSS 7.8, AI score 7.2, EPSS 0.87806
Exploits 1, References 10

RedhatCVE
added 2021/01/28 6:56 p.m., 141 views

CVE-2020-24025

A flaw was found in nodejs-node-sass. Certificate validation is disabled when requesting binaries even if the user is not specifying an alternative download path...

CVSS 5.3, AI score 3.1, EPSS 0.0082
Exploits 0, References 4

Tenable Nessus
added 2021/01/26 12:00 a.m., 49 views

Photon OS 3.0: Nodejs PHSA-2021-3.0-0186

An update of the nodejs package has been released. C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-3.0-0186. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid145413;...

CVSS 8.1, AI score 8.3, EPSS 0.09009
Exploits 1, References 2