51 matches found
Unity Linux 20.1060e / 20.1070e Security Update: nodejs-hosted-git-info (UTSA-2026-016626)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016626 advisory. The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service ReDoS via regular expression shortcutMatch in the fromUrl function in...
Astra Linux - уязвимость в node-hosted-git-info
Packages that use hosted-git-info before version 3.0.8 are vulnerable to Regular Expression Denial of Service ReDoS attacks due to the regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expressions have a polynomial worst-case time complexity...
MiracleLinux 8 : nodejs:14 (AXSA:2021-2343:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2343:01 advisory. nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl CVE-2021-23362 nodejs-ssri: Regular expression DoS ReDoS...
EUVD-2021-0928
Malware in sbrugna...
Alibaba Cloud Linux 3 : 0056: nodejs:14 (ALINUX3-SA-2021:0056)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0056 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-22918: Node.js before 16.4.1,...
RHEL 8 : pcs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl CVE-2021-23362 ...
RHEL 8 : pcs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ejs: server-side template injection in outputFunctionName CVE-2022-29078 - The package handlebars before...
Ubuntu 18.04 ESM / 20.04 ESM : hosted-git-info vulnerability (USN-5216-1)
The remote Ubuntu 18.04 ESM / 20.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-5216-1 advisory. It was discovered that hosted-git-info incorrectly handled certain inputs. A remote attacker could use this to cause a denial of service. Tenable has...
SUSE CVE-2021-23362
The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service ReDoS via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity...
Ubuntu: Security Advisory (USN-5216-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5216-1 node-hosted-git-info vulnerability
It was discovered that hosted-git-info incorrectly handled certain inputs. A remote attacker could use this to cause a denial of service...
USN-5216-1: hosted-git-info vulnerability
It was discovered that hosted-git-info incorrectly handled certain inputs. A remote attacker could use this to cause a denial of service...
nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()
A regular expression denial of service vulnerability was found in hosted-git-info. If an application allows user input into the affected regular expression regexp function, shortcutMatch or fromUrl, then an attacker could craft a regexp which takes an ever increasing amount of time to process,...
nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()
A regular expression denial of service vulnerability was found in hosted-git-info. If an application allows user input into the affected regular expression regexp function, shortcutMatch or fromUrl, then an attacker could craft a regexp which takes an ever increasing amount of time to process,...
Oracle Linux 8 : nodejs:14 (ELSA-2021-3074)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-3074 advisory. - Resolves CVE-2021-22918libuv, use system cipher list Tenable has extracted the preceding description block directly from the Oracle Linux security...
CentOS 8 : nodejs:12 (CESA-2021:3073)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:3073 advisory. - libuv: out-of-bounds read in uvidnatoascii can lead to information disclosures or crashes CVE-2021-22918 - nodejs-hosted-git-info: Regular Expression...
openSUSE 15 Security Update : nodejs8 (openSUSE-SU-2021:1113-1)
"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1113-1 advisory. - This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require'y18n' %NASLMINLEVEL 70300 C Tenable...
nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()
A regular expression denial of service vulnerability was found in hosted-git-info. If an application allows user input into the affected regular expression regexp function, shortcutMatch or fromUrl, then an attacker could craft a regexp which takes an ever increasing amount of time to process,...
nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()
A regular expression denial of service vulnerability was found in hosted-git-info. If an application allows user input into the affected regular expression regexp function, shortcutMatch or fromUrl, then an attacker could craft a regexp which takes an ever increasing amount of time to process,...
nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()
A regular expression denial of service vulnerability was found in hosted-git-info. If an application allows user input into the affected regular expression regexp function, shortcutMatch or fromUrl, then an attacker could craft a regexp which takes an ever increasing amount of time to process,...