
233 matches found

OSV
added 2021/05/06 11:2 a.m.; 1 view

OESA-2021-1168 nodejs-hosted-git-info security update

Provides metadata and conversions from repository URLs for GitHub, Bitbucket and GitLab. Security Fixes: The package hosted-git-info before 3.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regular expression shortcutMatch in the fromUrl function in index.js. The affected...

CVSS 5.3, AI score 7, EPSS 0.00554
Exploits 1, References 2
OSV
added 2021/04/23 12:15 a.m.; 1 view

AZL-45213 CVE-2021-31597 affecting package js-jquery 3.5.0-4

The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected...

CVSS 9.4, AI score 7.3, EPSS 0.00183
Exploits 1, References 1
RedHat Linux
added 2021/02/11 1:37 p.m.; 3 views

nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS

This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters...

CVSS 7.5, AI score 7.4, EPSS 0.01798
Exploits 1, References 5
OpenVAS
added 2021/01/11 12:0 a.m.; 29 views

Fedora: Security Advisory for nodejs (FEDORA-2021-fb1a136393)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

AI score 7.5
Exploits 0, References 2
OpenVAS
added 2020/08/13 12:0 a.m.; 6 views

Fedora: Security Advisory for nodejs (FEDORA-2020-fed59ab473)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits 0, References 2
Tenable Nessus
added 2020/07/14 12:0 a.m.; 27 views

Photon OS 1.0: Nodejs PHSA-2020-1.0-0306

An update of the nodejs package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-1.0-0306. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description scriptid13844...

CVSS 4.3, AI score 7.6, EPSS 0.03942
Exploits 0, References 2
CNVD
added 2020/05/08 12:0 a.m.; 1 view

Curlrequest OS Command Injection Vulnerability

curlrequest is a Node.js-based package for transferring data over URLs. An operating system command injection vulnerability exists in curlrequest 1.0.1 and earlier versions. An attacker can exploit this vulnerability to inject and execute arbitrary commands...

CVSS 9.8, AI score 8, EPSS 0.00184
Exploits 1, References 1
Tenable Nessus
added 2020/02/26 12:0 a.m.; 255 views

Photon OS 2.0: Nodejs PHSA-2020-2.0-0210

An update of the nodejs package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-2.0-0210. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description scriptid13408...

CVSS 5.9, AI score 7.4, EPSS 0.05057
Exploits 0, References 3
Photon
added 2020/02/23 12:0 a.m.; 35 views

Critical Photon OS Security Update - PHSA-2020-0060

Updates of 'nodejs' packages of Photon OS have been released...

CVSS 7.5, AI score 1.6, EPSS 0.32252
Exploits 2
CNVD
added 2018/06/13 12:0 a.m.; 1 view

Unspecified vulnerability in noderequest

noderequest is a package of request nodes for use in Node.js. A security vulnerability exists in noderequest. An attacker can exploit the vulnerability to steal environment variables...

CVSS 7.5, AI score 7.6, EPSS 0.00257
Exploits 0, References 1
OSV
added 2017/01/23 9:59 p.m.; 0 views

UBUNTU-CVE-2015-8855

The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."...

CVSS 7.5, AI score 7.1, EPSS 0.01092
Exploits 0, References 5
OSV
added 2015/05/05 1:36 p.m.; 2 views

MGASA-2015-0186 Updated nodejs packages fix security vulnerabilities

Updated nodejs package fixes security vulnerability: It was found that libuv does not call setgroups before calling setuid/setgid. This may potentially allow an attacker to gain elevated privileges (CVE-2015-0278). The libuv library is bundled with nodejs, and a fixed version of libuv is included wi...

CVSS 10, AI score 6.9, EPSS 0.01586
Exploits 0, References 8
Tenable Nessus
added 2015/03/30 12:0 a.m.; 46 views

Mandriva Linux Security Advisory : nodejs (MDVSA-2015:142)

Updated nodejs package fixes security vulnerabilities : A memory corruption vulnerability, which results in a denial-of-service, was identified in the versions of V8 that ship with Node.js 0.8 and 0.10. In certain circumstances, a particularly deep recursive workload that may trigger a GC and...

CVSS 7.5, AI score 7.6, EPSS 0.1282
Exploits 2, References 3