5 matches found
RHEL 7 : rh-nodejs8-nodejs (RHSA-2020:2625)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2625 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
Moderate: Red Hat Security Advisory: rh-nodejs8-nodejs security update
An update for rh-nodejs8-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
@fannarsh/trident (>=0.1.0 <=0.2.0), @hola.org/http-signature (=1.1.1-hola.1) +13 more potentially affected by CVE-2018-3737 via sshpk (>=1.0.4 <=1.13.1)
sshpk NPM version =1.0.4, =0.1.0, =2.67.0-hola.5, =2.67.0-lum.3, =1.1.0, =5.6.1, =1.4.2, =5.0.0, =0.0.0, =0.9.4, =0.9.12 Source cves: CVE-2018-3737 Source advisory: OSV:GHSA-2M39-62FM-Q8R3...
UBUNTU-CVE-2018-3737
sshpk is vulnerable to ReDoS when parsing crafted invalid public keys...
CVE-2018-3737
CVE-2018-3737 is a ReDoS vulnerability in the sshpk module when parsing crafted invalid public keys. Connected docs identify this issue as nodejs-sshpk (SSH public-key parsing) referenced in MiracleLinux AXSA-2020-200:01, noting the vulnerability in lib/formats/ssh.js. The Initial Description alr...