Lucene search
+L

52 matches found

RedHat Linux
RedHat Linux
added 2021/07/28 8:38 a.m.3 views

nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()

A regular expression denial of service vulnerability was found in hosted-git-info. If an application allows user input into the affected regular expression regexp function, shortcutMatch or fromUrl, then an attacker could craft a regexp which takes an ever increasing amount of time to process,...

5.3CVSS7.3AI score0.03612EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/07/28 8:36 a.m.4 views

nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()

A regular expression denial of service vulnerability was found in hosted-git-info. If an application allows user input into the affected regular expression regexp function, shortcutMatch or fromUrl, then an attacker could craft a regexp which takes an ever increasing amount of time to process,...

5.3CVSS7.3AI score0.03612EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2021/07/28 12:0 a.m.60 views

RHEL 7 : rh-nodejs12-nodejs and rh-nodejs12-nodejs-nodemon (RHSA-2021:2931)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2931 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

7.5CVSS7.2AI score0.23132EPSS
Exploits3References12
Tenable Nessus
Tenable Nessus
added 2021/07/28 12:0 a.m.60 views

RHEL 7 : rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon (RHSA-2021:2932)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2932 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

7.5CVSS7.2AI score0.23132EPSS
Exploits3References12
OSV
OSV
added 2021/07/25 2:45 p.m.9 views

MGASA-2021-0372 Updated nodejs packages fix security vulnerabilities

This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require'y18n'; y18n.setLocale'proto'; y18n.updateLocalepolluted: true; console.logpolluted; // true CVE-2020-7774. The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Servic...

9.8CVSS7.1AI score0.69062EPSS
Exploits3References10
Mageia
Mageia
added 2021/07/25 2:45 p.m.64 views

Updated nodejs packages fix security vulnerabilities

This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require'y18n'; y18n.setLocale'proto'; y18n.updateLocalepolluted: true; console.logpolluted; // true CVE-2020-7774. The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Servic...

9.8CVSS3.9AI score0.69062EPSS
Exploits3References9
Tenable Nessus
Tenable Nessus
added 2021/07/22 12:0 a.m.47 views

Node.js 12.x < 12.22.2 / 14.x < 14.17.2 / 16.x < 16.4.1 Multiple Vulnerabilities

The version of Node.js installed on the remote host is prior to 12.22.2, 14.17.2, 16.4.1. It is, therefore, affected by multiple vulnerabilities as referenced in the July 2021 Security Releases advisory. - Node.js is vulnerable to out-of-bounds read in libuv's uvidnatoascii function which is used...

7.8CVSS6.8AI score0.23132EPSS
Exploits4References5
Tenable Nessus
Tenable Nessus
added 2021/07/20 12:0 a.m.43 views

openSUSE 15 Security Update : nodejs12 (openSUSE-SU-2021:1059-1)

"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1059-1 advisory. - This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require'y18n' %NASLMINLEVEL 70300 C Tenable...

9.8CVSS7.4AI score0.69062EPSS
Exploits8References19
Tenable Nessus
Tenable Nessus
added 2021/07/20 12:0 a.m.34 views

openSUSE 15 Security Update : nodejs14 (openSUSE-SU-2021:1060-1)

"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1060-1 advisory. - This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require'y18n' %NASLMINLEVEL 70300 C Tenable...

9.8CVSS7AI score0.69062EPSS
Exploits4References13
OPENSUSE Linux
OPENSUSE Linux
added 2021/07/20 12:0 a.m.93 views

Security update for nodejs10 (important)

openSUSE Security Update: Security update for nodejs10 Announcement ID: openSUSE-SU-2021:1061-1 Rating: important References: 1183155 1183851 1183852 1184450 1187973 1187976 1187977 Cross-References: CVE-2020-7774 CVE-2021-22918 CVE-2021-23362 CVE-2021-27290 CVE-2021-3449 CVE-2021-3450 CVSS score...

7.5CVSS8AI score0.69062EPSS
Exploits8References7
OpenVAS
OpenVAS
added 2021/07/14 12:0 a.m.19 views

Node.js 12.x < 12.22.2, 14.x < 14.17.0 Multiple Vulnerabilities - Windows

Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...

7.5CVSS8.1AI score0.0472EPSS
Exploits2References1
ArchLinux
ArchLinux
added 2021/07/06 12:0 a.m.213 views

[ASA-202107-13] nodejs: multiple issues

Arch Linux Security Advisory ASA-202107-13 ========================================== Severity: High Date : 2021-07-06 CVE-ID : CVE-2021-22918 CVE-2021-23362 CVE-2021-27290 Package : nodejs Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2126 Summary ======= The...

7.5CVSS0.9AI score0.23132EPSS
Exploits3References18
Node JS Blog
Node JS Blog
added 2021/07/01 12:0 a.m.53 views

July 2021 Security Releases

July 2021 Security Releases Update 1-Jul-2021 Security releases available Updates are now available for v16.x, v14.x, and v12.x Node.js release lines for the following issues. libuv upgrade - Out of bounds read Medium CVE-2021-22918 Node.js is vulnerable to out-of-bounds read in libuv's...

7.8CVSS6.8AI score0.23132EPSS
Exploits4
IBM Security Bulletins
IBM Security Bulletins
added 2021/05/13 7:26 p.m.31 views

Security Bulletin: A security vulnerability in Node.js hosted-git-info module affects IBM Cloud Pak for Multicloud Management Managed Service

Summary A security vulnerability in Node.js hosted-git-info module affects IBM Cloud Pak for Multicloud Management Managed Service. Vulnerability Details CVEID: CVE-2021-23362 DESCRIPTION: Node.js hosted-git-info module is vulnerable to a denial of service, caused by a regular expression denial o...

5.3CVSS1.6AI score0.03612EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/05/13 7:20 p.m.28 views

Security Bulletin: A security vulnerability in Node.js hosted-git-info module affects IBM Cloud Automation Manager

Summary A security vulnerability in Node.js hosted-git-info module affects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2021-23362 DESCRIPTION: Node.js hosted-git-info module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the...

5.3CVSS1.8AI score0.03612EPSS
Exploits1Affected Software1
Node.js
Node.js
added 2021/05/06 4:15 p.m.62 views

Regular Expression Denial of Service

Overview hosted-git-info before versions 2.8.9 and 3.0.8 are vulnerable to Regular Expression Denial of Service ReDoS via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity Recommendation Upgrade to...

5CVSS4.7AI score0.03612EPSS
Exploits1Affected Software1
OSV
OSV
added 2021/05/06 4:10 p.m.6 views

GHSA-43F8-2H32-F4CJ Regular Expression Denial of Service in hosted-git-info

The npm package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service ReDoS via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity...

5.3CVSS6.8AI score0.03612EPSS
Exploits1References10
Github Security Blog
Github Security Blog
added 2021/05/06 4:10 p.m.44 views

Regular Expression Denial of Service in hosted-git-info

The npm package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service ReDoS via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity...

5.3CVSS3.4AI score0.03612EPSS
Exploits1References10Affected Software1
OSV
OSV
added 2021/05/06 11:2 a.m.3 views

OESA-2021-1168 nodejs-hosted-git-info security update

Provides metadata and conversions from repository urls for Github, Bitbucket and Gitlab Security Fixes: The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service ReDoS via regular expression shortcutMatch in the fromUrl function in index.js. The affected...

5.3CVSS7AI score0.03612EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2021/03/25 3:23 p.m.41 views

CVE-2021-23362

A regular expression denial of service vulnerability was found in hosted-git-info. If an application allows user input into the affected regular expression regexp function, shortcutMatch or fromUrl, then an attacker could craft a regexp which takes an ever increasing amount of time to process,...

5.3CVSS4AI score0.03612EPSS
Exploits1References3
Rows per page
Query Builder