52 matches found
nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()
A regular expression denial of service vulnerability was found in hosted-git-info. If an application allows user input into the affected regular expression regexp function, shortcutMatch or fromUrl, then an attacker could craft a regexp which takes an ever increasing amount of time to process,...
nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()
A regular expression denial of service vulnerability was found in hosted-git-info. If an application allows user input into the affected regular expression regexp function, shortcutMatch or fromUrl, then an attacker could craft a regexp which takes an ever increasing amount of time to process,...
RHEL 7 : rh-nodejs12-nodejs and rh-nodejs12-nodejs-nodemon (RHSA-2021:2931)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2931 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
RHEL 7 : rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon (RHSA-2021:2932)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2932 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
MGASA-2021-0372 Updated nodejs packages fix security vulnerabilities
This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require'y18n'; y18n.setLocale'proto'; y18n.updateLocalepolluted: true; console.logpolluted; // true CVE-2020-7774. The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Servic...
Updated nodejs packages fix security vulnerabilities
This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require'y18n'; y18n.setLocale'proto'; y18n.updateLocalepolluted: true; console.logpolluted; // true CVE-2020-7774. The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Servic...
Node.js 12.x < 12.22.2 / 14.x < 14.17.2 / 16.x < 16.4.1 Multiple Vulnerabilities
The version of Node.js installed on the remote host is prior to 12.22.2, 14.17.2, 16.4.1. It is, therefore, affected by multiple vulnerabilities as referenced in the July 2021 Security Releases advisory. - Node.js is vulnerable to out-of-bounds read in libuv's uvidnatoascii function which is used...
openSUSE 15 Security Update : nodejs12 (openSUSE-SU-2021:1059-1)
"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1059-1 advisory. - This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require'y18n' %NASLMINLEVEL 70300 C Tenable...
openSUSE 15 Security Update : nodejs14 (openSUSE-SU-2021:1060-1)
"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1060-1 advisory. - This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require'y18n' %NASLMINLEVEL 70300 C Tenable...
Security update for nodejs10 (important)
openSUSE Security Update: Security update for nodejs10 Announcement ID: openSUSE-SU-2021:1061-1 Rating: important References: 1183155 1183851 1183852 1184450 1187973 1187976 1187977 Cross-References: CVE-2020-7774 CVE-2021-22918 CVE-2021-23362 CVE-2021-27290 CVE-2021-3449 CVE-2021-3450 CVSS score...
Node.js 12.x < 12.22.2, 14.x < 14.17.0 Multiple Vulnerabilities - Windows
Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...
[ASA-202107-13] nodejs: multiple issues
Arch Linux Security Advisory ASA-202107-13 ========================================== Severity: High Date : 2021-07-06 CVE-ID : CVE-2021-22918 CVE-2021-23362 CVE-2021-27290 Package : nodejs Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2126 Summary ======= The...
July 2021 Security Releases
July 2021 Security Releases Update 1-Jul-2021 Security releases available Updates are now available for v16.x, v14.x, and v12.x Node.js release lines for the following issues. libuv upgrade - Out of bounds read Medium CVE-2021-22918 Node.js is vulnerable to out-of-bounds read in libuv's...
Security Bulletin: A security vulnerability in Node.js hosted-git-info module affects IBM Cloud Pak for Multicloud Management Managed Service
Summary A security vulnerability in Node.js hosted-git-info module affects IBM Cloud Pak for Multicloud Management Managed Service. Vulnerability Details CVEID: CVE-2021-23362 DESCRIPTION: Node.js hosted-git-info module is vulnerable to a denial of service, caused by a regular expression denial o...
Security Bulletin: A security vulnerability in Node.js hosted-git-info module affects IBM Cloud Automation Manager
Summary A security vulnerability in Node.js hosted-git-info module affects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2021-23362 DESCRIPTION: Node.js hosted-git-info module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the...
Regular Expression Denial of Service
Overview hosted-git-info before versions 2.8.9 and 3.0.8 are vulnerable to Regular Expression Denial of Service ReDoS via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity Recommendation Upgrade to...
GHSA-43F8-2H32-F4CJ Regular Expression Denial of Service in hosted-git-info
The npm package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service ReDoS via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity...
Regular Expression Denial of Service in hosted-git-info
The npm package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service ReDoS via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity...
OESA-2021-1168 nodejs-hosted-git-info security update
Provides metadata and conversions from repository urls for Github, Bitbucket and Gitlab Security Fixes: The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service ReDoS via regular expression shortcutMatch in the fromUrl function in index.js. The affected...
CVE-2021-23362
A regular expression denial of service vulnerability was found in hosted-git-info. If an application allows user input into the affected regular expression regexp function, shortcutMatch or fromUrl, then an attacker could craft a regexp which takes an ever increasing amount of time to process,...