18 matches found
Linux Distros Unpatched Vulnerability : CVE-2018-7158
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service ReDoS vector. The code in question was replaced in...
K000136924: Node.JS vulnerabilities CVE-2018-7158, CVE-2018-7164, and CVE-2018-7166
Security Advisory Description CVE-2018-7158 The 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service ReDoS vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The...
Mageia: Security Advisory (MGASA-2019-0277)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2018:0952-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2018:1183-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2018-7158
It was found that the 'path' module from Node.js was vulnerable to a Regular Expression Denial of Service REDoS flaw. An attacker able to provide a specially crafted file path to a Node.js script could force it to hang indefinitely...
SUSE SLES12 Security Update : nodejs4 (SUSE-SU-2018:0952-1)
This update for nodejs4 fixes the following issues : - Fix some node-gyp permissions - New upstream maintenance 4.9.1 : - Security fixes : + CVE-2018-7158: Fix for 'path' module regular expression denial of service bsc1087459 + CVE-2018-7159: Reject spaces in HTTP Content-Length header values...
SUSE SLES12 Security Update : nodejs6 (SUSE-SU-2018:1183-1)
This update for nodejs6 fixes the following issues : - Fix some node-gyp permissions - New upstream LTS release 6.14.1 : - Security fixes : + CVE-2018-7160: Fix for inspector DNS rebinding vulnerability bsc1087463 + CVE-2018-7158: Fix for 'path' module regular expression denial of service...
Node.js multiple vulnerabilities (March 2018 Security Releases).
The version of Node.js installed on the remote host is 4.x prior to 4.9.0, 6.x prior to 6.14.0, 8.x prior to 8.11.0 or 9.x prior to 9.10.0. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's...
Security Bulletin: Node.js as used in IBM QRadar Packet Capture is susceptible to multiple vulnerabilities
Summary Node.js as used in IBM QRadar Packet Capture has been updated to resolve multiple vulnerabilities Vulnerability Details CVEID: CVE-2018-7158 Description: Node.js path module is vulnerable to a denial of service. By sending a specially crafted file path, an attacker could exploit this...
Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private and IBM Cloud Private Cloud Foundry (CVE-2018-7158, CVE-2018-7159, CVE-2018-7160)
Summary IBM Cloud Private and IBM Cloud Private Cloud Foundry are vulnerable to multiple security vulnerabilities Vulnerability Details CVEID: CVE-2018-7158 DESCRIPTION: Node.js path module is vulnerable to a denial of service. By sending a specially crafted file path, an attacker could exploit...
Node.js 'path' Module Regular Expression Denial-of-Service Vulnerability - Mac OS X
Node.js is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js";...
CVE-2018-7158
The 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service ReDoS vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, splitPathRe, used within the...
openSUSE Security Update : nodejs6 (openSUSE-2018-444)
This update for nodejs6 fixes the following issues : - Fix some node-gyp permissions - New upstream LTS release 6.14.1 : - Security fixes : + CVE-2018-7160: Fix for inspector DNS rebinding vulnerability bsc1087463 + CVE-2018-7158: Fix for 'path' module regular expression denial of service...
openSUSE Security Update : nodejs4 (openSUSE-2018-375)
This update for nodejs4 fixes the following issues : - Fix some node-gyp permissions - New upstream maintenance 4.9.1 : - Security fixes : + CVE-2018-7158: Fix for 'path' module regular expression denial of service bsc1087459 + CVE-2018-7159: Reject spaces in HTTP Content-Length header values...
Fedora 26 : 1:nodejs (2018-e672eaf4df)
https://nodejs.org/en/blog/release/v8.11.0/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora 27 : 1:libuv / 1:nodejs (2018-ecf73042e3)
https://nodejs.org/en/blog/release/v8.11.0/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
March 2018 Security Releases
March 2018 Security Releases Update 28-March-2018 Security releases available Summary Updates are now available for all active Node.js release lines. These include the fix for the vulnerabilities identified in the initial announcement below. In addition to the vulnerabilities in the initial...