4323 matches found

RedHat Linux
added 2021/09/21 1:22 p.m., 4 views

nodejs: Use-after-free on close http2 on stream canceling

A flaw was found in Node.js, where it is vulnerable to a use-after-free attack. This flaw allows an attacker to exploit the memory corruption, which causes a change in the process behavior. The highest threat from this vulnerability is to confidentiality and integrity...

CVSS 9.8, AI score 7.3, EPSS 0.00323
Exploits: 0, References: 4

RedHat Linux
added 2021/09/21 1:22 p.m., 2 views

nodejs: Use-after-free on close http2 on stream canceling

A flaw was found in Node.js, where it is vulnerable to a use-after-free attack. This flaw allows an attacker to exploit memory corruption to change process behavior. The highest threat from this vulnerability is to confidentiality and integrity...

CVSS 7.5, AI score 7.3, EPSS 0.00386
Exploits: 0, References: 5

RedHat Linux
added 2021/09/21 1:22 p.m., 1 view

nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe

A flaw was found in nodejs-path-parse. All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...

CVSS 7.5, AI score 7.1, EPSS 0.00506
Exploits: 1, References: 5

Tenable Nessus
added 2021/09/21 12:00 a.m., 48 views

RHEL 8 : nodejs:12 (RHSA-2021:3623)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3623 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

CVSS 9.8, AI score 7.4, EPSS 0.84982
Exploits: 5, References: 19

Github Security Blog
added 2021/09/20 8:27 p.m., 62 views

tmpl vulnerable to Inefficient Regular Expression Complexity which may lead to resource exhaustion

nodejs-tmpl is simple string formatting. tmpl is vulnerable to Inefficient Regular Expression Complexity which may lead to resource exhaustion...

CVSS 7.8, AI score 7.5, EPSS 0.00415
Exploits: 1, References: 4, Affected Software: 1

OSV
added 2021/09/20 8:27 p.m., 0 views

GHSA-JGRX-MGXX-JF9V tmpl vulnerable to Inefficient Regular Expression Complexity which may lead to resource exhaustion

nodejs-tmpl is simple string formatting. tmpl is vulnerable to Inefficient Regular Expression Complexity which may lead to resource exhaustion...

CVSS 7.5, AI score 7.1, EPSS 0.00415
Exploits: 1, References: 4

RedhatCVE
added 2021/09/16 3:05 p.m., 56 views

CVE-2021-23440

A type confusion vulnerability in nodejs-set-value can lead to a bypass of CVE-2019-10747. If the user-provided keys used in the path parameter are arrays, the function mixin-deep can be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype, or...

CVSS 9.8, AI score 4.6, EPSS 0.00503
Exploits: 2, References: 4

NVD
added 2021/09/15 8:15 a.m., 11 views

CVE-2021-3777

nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity...

CVSS 7.8, EPSS 0.00415
Exploits: 1, References: 2

CVE
added 2021/09/15 7:15 a.m., 66 views

CVE-2021-3777

CVE-2021-3777: nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity (ReDoS). IBM X-Force lists CVSS v3.1 base score 7.5 (HIGH) with Network attack vector, no user interaction, and Availability impact. No remediation details are provided in the supplied documents.

CVSS 7.8, AI score 7.5, EPSS 0.00415
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2021/09/15 7:15 a.m., 15 views

CVE-2021-3777 Inefficient Regular Expression Complexity in daaku/nodejs-tmpl

nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity...

CVSS 7.5, AI score 8.8, EPSS 0.00415
Exploits: 1, References: 2

CNNVD
added 2021/09/15 12:00 a.m., 3 views

nodejs-tmpl security vulnerability

Node.js is a JavaScript runtime environment based on the Chrome V8 engine. By packaging the V8 engine and using an event-driven, non-blocking I/O model, it makes it possible to develop high-performance back-end applications in JavaScript. A security vulnerability exists in nodejs-tmpl...

CVSS 7.8, AI score 7.6, EPSS 0.00415
Exploits: 1, References: 3

CBLMariner
added 2021/09/09 3:03 p.m., 19 views

CVE-2021-22940 affecting package nodejs 14.17.2-1

CVE-2021-22940 affecting package nodejs 14.17.2-1. An upgraded version of the package is available that resolves this issue...

CVSS 7.5, AI score 9.9, EPSS 0.00386
Exploits: 0

CBLMariner
added 2021/09/09 3:03 p.m., 24 views

CVE-2021-22939 affecting package nodejs 14.17.2-1

CVE-2021-22939 affecting package nodejs 14.17.2-1. An upgraded version of the package is available that resolves this issue...

CVSS 5.3, AI score 9.9, EPSS 0.00124
Exploits: 1

RedHat Linux
added 2021/09/08 2:09 p.m., 67 views

Moderate: Red Hat Security Advisory: Red Hat Virtualization Host security and bug fix update [ovirt-4.4.8]

An update for cockpit-ovirt, ovirt-host, ovirt-hosted-engine-ha, ovirt-hosted-engine-setup, and vdsm is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring...

CVSS 7.2, AI score 6.8, EPSS 0.04314
Exploits: 3, References: 7

CVE
added 2021/09/07 6:50 p.m., 55 views

CVE-2021-39199

CVE-2021-39199 concerns the remark-html Node.js library. The root cause is unsafe default behavior: user input could bypass sanitization, allowing arbitrary HTML and potential XSS. The vulnerability is addressed in versions 13.0.2 and 14.0.1 where safe-by-default behavior was implemented, alignin...

CVSS 10, AI score 6.3, EPSS 0.00329
Exploits: 0, References: 4, Affected Software: 1

Huntr
added 2021/09/04 4:23 p.m., 26 views

Inefficient Regular Expression Complexity in daaku/nodejs-tmpl

✍️ Description It allows causing a denial of service when formatting a crafted string. 🕵️‍♂️ Proof of Concept // PoC.js var tmpl = require"tmpl" forvar i = 1; i = 50000; i++ var time = Date.now; var attackstr = ""+"".repeati10000+"answer"; tmplattackstr, answer: 42 var timecost = Date.now - time;...

CVSS 7.8, AI score 2.1, EPSS 0.00415
Exploits: 1

RedhatCVE
added 2021/09/01 7:01 p.m., 32 views

CVE-2021-39134

A flaw was found in nodejs-arborist. On case-insensitive file systems such as macOS and Windows, Arborist’s internal data structure did not see multiple dependencies as separate items that could coexist within the same level in the node_modules hierarchy when they differ only in the case of their...

CVSS 8.2, AI score 1.9, EPSS 0.00718
Exploits: 0, References: 4

Tenable Nessus
added 2021/09/01 12:00 a.m., 40 views

openSUSE 15 Security Update : nodejs12 (openSUSE-SU-2021:1214-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1214-1 advisory. - nodejs: Use-after-free on close http2 on stream canceling (CVE-2021-22930) - Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to...

CVSS 9.8, AI score 7.3, EPSS 0.00662
Exploits: 3, References: 16

RedhatCVE
added 2021/08/31 6:51 p.m., 79 views

CVE-2021-3749

A Regular Expression Denial of Service (ReDoS) vulnerability was found in the nodejs axios package. This flaw allows an attacker to provide crafted input to the trim function, which might cause high resource consumption and, as a consequence, lead to denial of service. The highest threat from this...

CVSS 7.8, AI score 2.7, EPSS 0.08894
Exploits: 2, References: 5

RedhatCVE
added 2021/08/31 6:49 p.m., 51 views

CVE-2021-23434

Prototype pollution has been discovered in the object-path NodeJS library. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === '__proto__' returns false if currentPath is ['__proto__']...

CVSS 9.8, AI score 2, EPSS 0.0039
Exploits: 1, References: 5