OESA-2021-1409 nodejs security update
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
Fedora: Security Advisory for nodejs (FEDORA-2021-9818cabe0d)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for nodejs (FEDORA-2021-9807b754d9)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for nodejs (FEDORA-2021-cbad295a90)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
UBUNTU-CVE-2021-42740
The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...
[ASA-202110-5] nodejs-lts-fermium: multiple issues
Arch Linux Security Advisory ASA-202110-5. Severity: High. Date: 2021-10-21. CVE-ID: CVE-2021-22939, CVE-2021-22940, CVE-2021-22959, CVE-2021-22960. Package: nodejs-lts-fermium. Type: multiple issues. Remote: Yes. Link: https://security.archlinux.org/AVG-2284...
Important: Red Hat Security Advisory: Red Hat Quay v3.6.0 security, bug fix and enhancement update
An update is now available for Red Hat Quay 3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
HTTP Request Smuggling (HRS)
nodejs is vulnerable to HTTP Request Smuggling (HRS). The vulnerability exists due to an error related to a space in headers which allows an attacker to poison the web cache, bypassing the web application...
Nodejs Core Environmental Issue Vulnerability
Nodejs Core is a core module compiled into Nodejs from the OpenJS Openjs Foundation. The module provides underlying TCP, HTTP, DNS, filesystem, subprocessing, and other functionality support for Nodejs. An environmental issue vulnerability exists in Nodejs Core that stems from an attacker being...
Path traversal
keypair is an RSA PEM key generator written in JavaScript. keypair implements a lot of cryptographic primitives on its own or by borrowing from other libraries where possible, including node-forge. An issue was discovered where this library was generating identical RSA keys used in SSH. This wou...
CVE-2021-41117 Insecure random number generation
keypair is an RSA PEM key generator written in JavaScript. keypair implements a lot of cryptographic primitives on its own or by borrowing from other libraries where possible, including node-forge. An issue was discovered where this library was generating identical RSA keys used in SSH. This wou...
AZL-6742 CVE-2021-22930 affecting package nodejs for versions less than 16.14.0-1
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior...
MGASA-2021-0463 Updated nodejs packages fix security vulnerability
Multiple security fixes for nodejs. See references for details...
Fastify: 1-click DOS in fastify-static via directly passing user's input to new URL() of NodeJS without try/catch
Summary: When fastify-static is mounted at root and registered with the option redirect: true (default of redirect option is false), the following line directly feeds user's input (which is req.raw.url) to the URL API without try/catch: https://github.com/fastify/fastify-static/blob/master/index.js#L439. A remo...
inflect vulnerable to Inefficient Regular Expression Complexity
inflect is customizable inflections for nodejs. inflect is vulnerable to Inefficient Regular Expression Complexity...
nodejs: Use-after-free on close http2 on stream canceling
A flaw was found in Node.js, where it is vulnerable to a use-after-free attack. This flaw allows an attacker to exploit memory corruption to change process behavior. The highest threat from this vulnerability is to confidentiality and integrity...
nodejs: Incomplete validation of tls rejectUnauthorized parameter
A flaw was found in Node.js. If the Node.js HTTPS API is used incorrectly and "undefined" is passed for the "rejectUnauthorized" parameter, no error is returned, and the connections to servers with an expired certificate are accepted. The highest threat from this vulnerability is to integrity...
Important: nodejs:14 security and bug fix update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Use-after-free on close http2 on stream canceling (CVE-2021-22930); nodejs: Use-after-free on close http2 on stream canceling (CVE-2021-22940)...
nodejs:14 security and bug fix update
nodejs 1:14.17.5-1 - Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939, CVE-2021-22940, - CVE-2021-23343, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672 - Resolves RHBZ1847529 make FIPS always available - Resolves: RHBZ1988599, RHBZ1994000, RHBZ1993998, RHBZ1993095 - Resolves: RHBZ1994028,...
CentOS 8 : nodejs:14 (CESA-2021:3666)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:3666 advisory. - nodejs: Use-after-free on close http2 on stream canceling (CVE-2021-22930, CVE-2021-22940) - nodejs: Improper handling of untypical characters in domai...