59 matches found
nodejs:18 security, bug fix, and enhancement update
nodejs 1:18.12.1-2 - Update version of bundled histogram 1:18.12.1-1 - Rebase to version 18.12.1 Resolves: rhbz2125580 CVE-2022-43548 CVE-2022-3517 1:18.9.1-1 - Rebase to version 18.9.1 Resolves: CVE-2022-35255 CVE-2022-35256 nodejs-nodemon 2.0.20-1 - Rebase to 2.0.20 Resolves: CVE-2022-3517...
AZL-44307 CVE-2022-24999 affecting package nodejs-nodemon 2.0.3-5
qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an proto key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string ...
RHEL 9 : nodejs and nodejs-nodemon (RHSA-2022:6595)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6595 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
RLSA-2022:6595 Moderate: nodejs and nodejs-nodemon security and bug fix update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 16.16.0, nodejs-nodemon 2.0.19. BZ2124230, BZ2124233 Security Fixes: nodejs-ini:...
ALSA-2022:6595 Moderate: nodejs and nodejs-nodemon security and bug fix update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 16.16.0, nodejs-nodemon 2.0.19. BZ2124230, BZ2124233 Security Fixes: nodejs-ini:...
RHEL 7 : rh-nodejs12-nodejs and rh-nodejs12-nodejs-nodemon (RHSA-2021:2931)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2931 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
AZL-44118 CVE-2020-28469 affecting package nodejs-nodemon 2.0.3-5
This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator...
nodejs:14 security and bug fix update
An update is available for nodejs-nodemon, nodejs, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Node.js is a software development platform f...
nodejs:12 security update
nodejs 1:12.20.1-1 - Security rebase for January security release - https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/ - Resolves: RHBZ1916460, RHBZ1914786 - Resolves: RHBZ1914784, RHBZ1916396 nodejs-nodemon 2.0.3-1 - Resolves: RHBZ1921841, RHBZ1921843, RHBZ1921842 - Rebase ...
14 bug fix and enhancement update
An update is available for nodejs-nodemon, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Node.js is a software development platform for...
nodejs:12 security update
An update is available for nodejs-nodemon, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Node.js is a software development platform for...
AZL-44310 CVE-2020-7598 affecting package nodejs-nodemon 2.0.3-5
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "proto" payload...
nodejs:12 security update
nodejs 1:12.16.1-1 - Resolves: RHBZ1800393, RHBZ1800394, RHBZ1800380 - Rebase to 12.16.1 nodejs-nodemon nodejs-packaging...
AZL-44064 CVE-2019-10795 affecting package nodejs-nodemon 2.0.3-5
undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' function could be tricked into adding or modifying properties of Object.prototype using a proto payload...
12 enhancement update
An update is available for nodejs-nodemon, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The following packages have been upgraded to a later...
AZL-44412 CVE-2016-1000236 affecting package nodejs-nodemon 2.0.3-5
Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used...
AZL-43819 CVE-2017-16137 affecting package nodejs-nodemon 2.0.3-4
The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue...
AZL-45075 CVE-2017-1000048 affecting package nodejs-nodemon 2.0.3-5
the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send a evil request to cause the web framework crash...
AZL-45024 CVE-2015-8859 affecting package nodejs-nodemon 2.0.3-5
The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors...