Lucene search
+L

14 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2021-39134

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - @npmcli/arborist, the library that calculates dependency trees and manages the nodemodules folder hierarchy for the npm command line interface, aims to guarante...

8.2CVSS7.3AI score0.00576EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/22 7:38 p.m.29 views

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Node.js (CVE-2021-39134)

Summary Security Vulnerabilities affect IBM Cloud Private - Node.js Vulnerability Details CVEID: CVE-2021-39134 DESCRIPTION: Node.js @npmcli/arborist module could allow a local attacker to launch a symlink attack, caused by the failure of multiple dependencies to coexist within the same level in...

8.2CVSS0.4AI score0.00576EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2022/02/08 12:0 a.m.27 views

openSUSE: Security Advisory for nodejs14 (openSUSE-SU-2021:1552-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.6CVSS8AI score0.03286EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.21 views

Mageia: Security Advisory (MGASA-2021-0463)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.7AI score0.21952EPSS
Exploits3References7
OpenVAS
OpenVAS
added 2022/01/20 12:0 a.m.29 views

SUSE: Security Advisory (SUSE-SU-2022:0101-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.6CVSS7.3AI score0.21514EPSS
Exploits4References2
OpenVAS
OpenVAS
added 2021/12/08 12:0 a.m.27 views

openSUSE: Security Advisory for nodejs14 (openSUSE-SU-2021:3964-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.6CVSS8AI score0.03286EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2021/12/07 12:0 a.m.33 views

openSUSE: Security Advisory for nodejs12 (openSUSE-SU-2021:3940-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.6CVSS8AI score0.03286EPSS
Exploits2References2
OPENSUSE Linux
OPENSUSE Linux
added 2021/12/06 12:0 a.m.53 views

Security update for nodejs12 (important)

openSUSE Security Update: Security update for nodejs12 Announcement ID: openSUSE-SU-2021:3940-1 Rating: important References: 1190053 1190054 1190055 1190056 1190057 1191601 1191602 Cross-References: CVE-2021-22959 CVE-2021-22960 CVE-2021-37701 CVE-2021-37712 CVE-2021-37713 CVE-2021-39134...

8.1CVSS7.7AI score0.03286EPSS
Exploits2References7
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/07 10:29 a.m.24 views

Security Bulletin: IBM App Connect Enterprise Certified Container Integration Servers may be vulnerable to a symlink attack due to CVE-2021-39134

Summary IBM App Connect Enterprise Certified Container Integration Server images may be vulnerable to a symlink attack that could alter the files on disk due to vulnerabilities in the Node module npm. The npm module is not used at runtime by IBM App Connect Enterprise itself, but anyone using the...

8.2CVSS1.5AI score0.00576EPSS
Exploits0Affected Software1
ALT Linux
ALT Linux
added 2021/09/01 12:0 a.m.105 views

Security fix for the ALT Linux 10 package node version 14.17.6-alt1

Sept. 1, 2021 Vitaly Lipatov 14.17.6-alt1 - new version 14.17.6 with rpmrb script - set npm = 6.14.15 - set openssl = 1.1.1l - CVE-2021-32803, CVE-2021-32804, CVE-2021-37701, CVE-2021-37712, CVE-2021-37713, CVE-2021-39134, CVE-2021-39135...

5.8CVSS8.6AI score0.15014EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2021/08/31 5:15 p.m.49 views

CVE-2021-39134

@npmcli/arborist, the library that calculates dependency trees and manages the nodemodules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder...

8.2CVSS7AI score0.00576EPSS
Exploits0References3
CVE
CVE
added 2021/08/31 4:55 p.m.167 views

CVE-2021-39134

CVE-2021-39134 affects Node.js @npmcli/arborist. On case-insensitive file systems, Arborist could allow a local attacker to write arbitrary contents to arbitrary filesystem locations via a symlink dependency crafted across conflicting case names (e.g., pwn-a with foo:"file:/some/path" and pwn-b w...

8.2CVSS6.5AI score0.00576EPSS
Exploits0References4Affected Software1
Node.js
Node.js
added 2021/08/31 4:14 p.m.72 views

UNIX Symbolic Link (Symlink) Following

Overview Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution @npmcli/arborist, the library that calculates dependency trees and manages the nodemodules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be...

4.4CVSS0.5AI score0.00576EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2021/08/31 4:4 p.m.6 views

433bf (=0.0.1), @achinet/nestjs-async (=0.0.1) +147 more potentially affected by CVE-2021-39134 via @npmcli/arborist (>=0.0.0-pre.10 <=2.10.0)

@npmcli/arborist NPM version =0.0.0-pre.10, =1.2.0, =8.1.0, =1.1.0-next.4, =0.2.7, =0.13.0, =0.0.1, =0.0.1, =0.0.29, =1.1.0-rc.283, =1.1.0-rc.282, =1.1.0-rc.292 and more Source cves: CVE-2021-39134 Source advisory: OSV:GHSA-2H3H-Q99F-3FHC...

8.2CVSS7.1AI score0.00576EPSS
Exploits0
Rows per page
Query Builder