4323 matches found
Moderate: Red Hat Security Advisory: Red Hat OpenShift Enterprise Logging bug fix and security update (5.3.3)
An update is now available for OpenShift Logging 5.3.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in t...
generator-rest (=0.2.0), nodejsamazingenerator (>=1.0.0 <=1.70.60-stable) potentially affected by CVE-2019-10792 +1 more via bodymen (=1.1.1)
bodymen NPM version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on bodymen and may be impacted: - generator-rest =0.2.0 - nodejsamazingenerator =1.0.0, =1.70.60-stable Source cves: CVE-2019-10792, CVE-2022-25296 Source advisory:...
SUSE-SU-2022:0113-1 Security update for nodejs12
This update for nodejs12 fixes the following issues: - CVE-2021-44531: Fixed improper handling of URI Subject Alternative Names (bsc#1194511). - CVE-2021-44532: Fixed certificate verification bypass via string injection (bsc#1194512). - CVE-2021-44533: Fixed incorrect handling of certificate subject an...
Improper Certificate Validation
nodejs is vulnerable to Improper handling of URI Subject Alternative Names. The vulnerability exists due to insufficient validation of URI Subject Alternative Names...
Arbitrary Code Execution
nodejs is vulnerable to arbitrary code execution. An attacker can inject and execute malicious name constraints when the library uses a string format to check the validity of the peer certificates against hostname...
Prototype Pollution
nodejs is vulnerable to Prototype Pollution. The vulnerability exists due to the formatting logic of the console.table function which allows an attacker to pass to the "properties" parameter...
Engine.Io Code Issue Vulnerability
Engine.Io is a transport-based implementation of the cross-browser/cross-device bi-directional communication layer of Socket. A code issue vulnerability exists in Engine.IO that stems from the product's failure to effectively handle exceptions raised by special HTTP requests. An attacker could us...
nodejs Code Injection Vulnerability
nodejs is a JavaScript runtime environment based on the Chrome V8 engine. It wraps the V8 engine and uses an event-driven, non-blocking I/O model, which makes it possible to develop high-performance backend applications in JavaScript. There is a code injection vulnerabilit...
nodejs Trust Management Issue Vulnerability
nodejs is a JavaScript runtime environment based on the Chrome V8 engine. It wraps the V8 engine and uses an event-driven, non-blocking I/O model, which makes it possible to develop high-performance backend applications in JavaScript. There is a trust management issue...
nodejs Trust Management Issue Vulnerability
nodejs is a JavaScript runtime environment based on the Chrome V8 engine. It wraps the V8 engine and uses an event-driven, non-blocking I/O model, which makes it possible to develop high-performance backend applications in JavaScript. nodejs is vulnerable to trust management issues...
RHEL 7 : rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon (RHSA-2022:0041)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0041 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
GHSA-QPW2-XCHM-655Q Out-of-Bounds read in stringstream
Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream when using Node.js 4.x. WITHDRAWN: This is a duplicate of GHSA-mf6x-7mm4-x2g7...
nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes
A regular expression denial of service (ReDoS) vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes...
Updated nodejs packages fix security vulnerability
HTTP Request Smuggling due to spaces in headers. The HTTP parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) (CVE-2021-22959). HTTP Request Smuggling when parsing the body. The parser ignores chunk extensions when parsing...
Improper Privilege Management in shelljs/shelljs
Details: If ShellJS scripts running locally use the ShellJS exec function, local users on the filesystem can read the stdout of the running ShellJS process to disclose sensitive information present in the privileged process. This may leak sensitive information present in the privileged process...
Nodejs Command Injection Vulnerability
nodejs is a JavaScript runtime environment based on the Chrome V8 engine. It wraps the V8 engine and uses an event-driven, non-blocking I/O model, which makes it possible to develop high-performance backend applications in JavaScript. A command injecti...
nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes
A regular expression denial of service (ReDoS) vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes...
llhttp: HTTP Request Smuggling when parsing the body of chunked requests
An HTTP Request Smuggling (HRS) vulnerability was found in the llhttp library, used by Node.js. During the parsing of chunked messages, the chunk size parameter was not validated properly. In situations where HTTP conversations are being proxied such as proxy, reverse-proxy, load-balancer, an...
nodejs-json-schema: Prototype pollution vulnerability
The json-schema Node.js library was vulnerable to prototype pollution during the validation of a JSON object. An attacker able to provide a specially crafted JSON file for validation could use this flaw to modify the behavior of the node program, for example to execute arbitrary code...
RHEL 8 : nodejs:16 (RHSA-2021:5171)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:5171 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...