RHSA-2021:0548 Red Hat Security Advisory: nodejs:10 security update

Bulletin has no description...

RHSA-2021:0521 Red Hat Security Advisory: rh-nodejs10-nodejs security update

Bulletin has no description...

Rocky Linux 8 : nodejs:10 (RLSA-2021:0548)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:0548 advisory. - Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like ://:@::/...

Amazon Linux 2 : http-parser (ALAS-2020-1417)

The version of http-parser installed on the remote host is prior to 2.7.1-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1417 advisory. HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed...

nodejs:10 security update

An update is available for nodejs-nodemon, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Node.js is a software development platform for...

November 2018 Security Releases

November 2018 Security Releases Update 27-November-2018 Security releases available Summary Updates are now available for all active Node.js release lines. These include fixes for the vulnerabilities identified in the initial announcement below. They also include upgrades of Node.js 6 and 8 to...

CVE-2018-7166

In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause Buffer.alloc to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying encoding can be passed as a number, this is...

CVE-2018-7166

In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause Buffer.alloc to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying encoding can be passed as a number, this is...

Cross site scripting

Calling Buffer.fill or Buffer.alloc with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc and Buffer.fill were updated so that they zero fill instead of hanging in these cases. All versions of...

PT-2018-17924 · Node.Js · Node.Js

Name of the Vulnerable Software and Affected Versions: Node.js versions 9.7.0 and later Node.js versions 10.x Description: A bug in Node.js increases memory consumption when reading from the network into JavaScript using the net.Socket object directly as a stream. This can be exploited by an...