CentOS 8 : nodejs:16 (CESA-2021:5171)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2021:5171 advisory. - nodejs-glob-parent: Regular expression denial of service CVE-2020-28469 - nodejs-ini: Prototype pollution via malicious INI file CVE-2020-7788 -...
nodejs:16 security, bug fix, and enhancement update
An update is available for nodejs-nodemon, nodejs, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Node.js is a software development platform f...
Critical: Red Hat Security Advisory: Red Hat Fuse 7.10.0 release and security update
A minor version update from 7.9 to 7.10 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.9.0 enhancement, security, and bug fix update
Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.9.0 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVS...
OPENSUSE-SU-2021:1552-1 Security update for nodejs14
This update for nodejs14 fixes the following issues: nodejs14 was updated to 14.18.1: deps: update llhttp to 2.1.4 - HTTP Request Smuggling due to spaces in headers (bsc1191601, CVE-2021-22959) - HTTP Request Smuggling when parsing the body (bsc1191602, CVE-2021-22960) Changes in 14.18.0: buffer: +...
ALPINE-CVE-2021-43803
Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node.js above 15.0.0, and next start or a custom...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service (DoS). A malicious attacker can send a modified form to the server and crash the nodejs service. An attacker could send the payload again and again so that the service continuously crashes. PoC await...
CVE-2021-39135
A flaw was found in nodejs-arborist. Arborist could write package dependencies to any arbitrary location on the file system if an attacker had replaced a project folder with a symbolic link in the node_modules folder. The highest threat from this vulnerability is to data integrity and system...
OPENSUSE-SU-2021:3940-1 Security update for nodejs12
This update for nodejs12 fixes the following issues: - CVE-2021-22959: Fixed HTTP Request Smuggling due to spaces in headers (bsc1191601). - CVE-2021-22960: Fixed HTTP Request Smuggling when parsing the body (bsc1191602). - CVE-2021-37701: Fixed arbitrary file creation and overwrite in nodejs-tar...
SUSE-SU-2021:3940-1 Security update for nodejs12
This update for nodejs12 fixes the following issues: - CVE-2021-22959: Fixed HTTP Request Smuggling due to spaces in headers (bsc1191601). - CVE-2021-22960: Fixed HTTP Request Smuggling when parsing the body (bsc1191602). - CVE-2021-37701: Fixed arbitrary file creation and overwrite in nodejs-tar...
SUSE-SU-2021:3886-1 Security update for nodejs14
This update for nodejs14 fixes the following issues: nodejs14 was updated to 14.18.1: deps: update llhttp to 2.1.4 Security fixes: - HTTP Request Smuggling due to spaces in headers (bsc1191601, CVE-2021-22959) - HTTP Request Smuggling when parsing the body (bsc1191602, CVE-2021-22960) Changes in...
Pterodactyl Cross-Site Request Forgery Vulnerability (CNVD-2021-90852)
Pterodactyl is an open source game server management panel built using PHP, Node.js and Go. A cross-site request forgery vulnerability exists in Pterodactyl, which stems from the lack of proper CSRF protection in the product's routing configuration. An attacker could exploit the vulnerability to...
Low: Red Hat Security Advisory: Openshift Logging 5.1.4 bug fix and security update
An update is now available for OpenShift Logging 5.1.4. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
nodejs-ua-parser-js: Regular expression denial of service via the regex
A flaw was found in nodejs-ua-parser-js. The software is vulnerable to Regular Expression Denial of Service ReDoS via the regex for Redmi Phones and Mi Pad Tablets UA...
nodejs-glob-parent: Regular expression denial of service
A flaw was found in nodejs-glob-parent. The enclosure regex used to check for glob enclosures containing backslashes is vulnerable to Regular Expression Denial of Service attacks. This flaw allows an attacker to cause a denial of service if they can supply a malicious string to the glob-parent...
new module: nodejs:16
An update is available for nodejs-nodemon, nodejs, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. This enhancement update adds the nodejs:16...
ALEA-2021:4200 new module: nodejs:16
This enhancement update adds the nodejs:16 module to AlmaLinux as a Technology Preview. A future update will provide a Long Term Support (LTS) version of Node.js 16, which will be fully supported. BZ1953991 For detailed information on changes in this release, see the AlmaLinux Release Notes linked...
Rocket.Chat: Unintended information disclosure in the Hubot Log files
Dear Rocket.Chat Team, while inspecting our logs I noticed that the OAuth tokens are leaked in plaintext in the logs. I wanted to draw your attention to this, as this is a security vulnerability. See the attached screenshot for a redacted log excerpt. In my opinion, the best approach here would b...
Json-Ptr type obfuscation vulnerability
Json-Ptr is a full implementation of JSON Pointer (RFC 6901) for Node.js and modern browsers. A security vulnerability exists in Json-Ptr, which stems from a design or implementation impropriety in the code development process of a web system or product. No details of the vulnerability are currently...
json-ptr security vulnerability
Json-Ptr is a full implementation of JSON Pointer (RFC 6901) for Node.js and modern browsers. A security vulnerability exists in Json-Ptr, which stems from a design or implementation impropriety in the code development process of a web system or product. No details of the vulnerability are currently...