Moderate Photon OS Security Update - PHSA-2021-4.0-0074
Updates of 'nodejs' packages of Photon OS have been released...
Important Photon OS Security Update - PHSA-2021-0074
Updates of 'nodejs' packages of Photon OS have been released...
Security Bulletin: Vulnerability in npm affects IBM VM Recovery Manager HA
Summary: There is a vulnerability in npm which affects IBM VM Recovery Manager HA. Vulnerability Details: CVEID: CVE-2019-16775. DESCRIPTION: npm CLI could allow a local attacker to bypass security restrictions, caused by an arbitrary file overwrite vulnerability. An attacker could exploit this...
Denial Of Service (DoS)
nodejs is vulnerable to Denial of Service (DoS). A use-after-free allows an attacker to corrupt memory that would cause an application crash and potentially allow arbitrary code execution...
CVE-2021-32796
A flaw was found in nodejs-xmldom. The xmldom library is an open-source pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. Xmldom does not correctly escape special characters when serializing elements removed from their ancestor. This flaw may lead to...
nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode
A flaw was found in the ssri package. A malicious string provided by an attacker may lead to Regular Expression Denial of Service (ReDoS). This issue only affects consumers using the strict option. The highest threat from this vulnerability is to availability...
nodejs-normalize-url: ReDoS for data URLs
A flaw was found in normalize-url. The normalize-url package for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data...
nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()
A regular expression denial of service vulnerability was found in hosted-git-info. If an application allows user input into the affected regular expression (regexp) function, shortcutMatch or fromUrl, then an attacker could craft a regexp which takes an ever increasing amount of time to process,...
RHEL 7 : rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon (RHSA-2021:2932)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2932 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
RHEL 7 : rh-nodejs12-nodejs and rh-nodejs12-nodejs-nodemon (RHSA-2021:2931)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2931 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
MGASA-2021-0372 Updated nodejs packages fix security vulnerabilities
This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require('y18n'); y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true (CVE-2020-7774). The package hosted-git-info before 3.0.8 is vulnerable to Regular Expression Denial of Servic...
Updated nodejs packages fix security vulnerabilities
This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require('y18n'); y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true (CVE-2020-7774). The package hosted-git-info before 3.0.8 is vulnerable to Regular Expression Denial of Servic...
nodejs-ua-parser-js: Regular expression denial of service via the regex
A flaw was found in nodejs-ua-parser-js. The software is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA...
nodejs-underscore: Arbitrary code execution via the template function
A flaw was found in nodejs-underscore. Arbitrary code execution via the template function is possible, particularly when a variable property is passed as an argument as it is not sanitized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...
Moderate: Red Hat Security Advisory: RHV Manager (ovirt-engine) security update [ovirt-4.4.7]
Updated ovirt-engine packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f...
RHEL 8 : RHV Manager (ovirt-engine) security update [ovirt-4.4.7] (Moderate) (RHSA-2021:2865)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:2865 advisory. The ovirt-engine package provides the manager for virtualization environments. This manager enables admins to define hosts and networks, as...
[ASA-202107-33] nodejs-lts-erbium: multiple issues
Arch Linux Security Advisory ASA-202107-33. Severity: High. Date: 2021-07-20. CVE-ID: CVE-2021-22918, CVE-2021-23362, CVE-2021-27290. Package: nodejs-lts-erbium. Type: multiple issues. Remote: Yes. Link: https://security.archlinux.org/AVG-2128. Summary...
OPENSUSE-SU-2021:1059-1 Security update for nodejs12
This update for nodejs12 fixes the following issues: - update to 12.22.2: - CVE-2021-22918: Out of bounds read (bsc#1187973) - CVE-2021-23362: ssri Regular Expression Denial of Service and hosted-git-info (bsc#1187977) - CVE-2021-27290: Regular Expression Denial of Service (bsc#1187976) - CVE-2021-3450:...
OPENSUSE-SU-2021:2354-1 Security update for nodejs14
This update for nodejs14 fixes the following issues: Update nodejs14 to 14.17.2. Including fixes for: - CVE-2021-22918: libuv upgrade - Out of bounds read (bsc#1187973) - CVE-2021-27290: ssri Regular Expression Denial of Service (bsc#1187976) - CVE-2021-23362: hosted-git-info Regular Expression Denial ...
SUSE-SU-2021:2353-1 Security update for nodejs10
This update for nodejs10 fixes the following issues: Update nodejs10 to 10.24.1. Including fixes for: - CVE-2021-22918: libuv upgrade - Out of bounds read (bsc#1187973) - CVE-2021-27290: ssri Regular Expression Denial of Service (bsc#1187976) - CVE-2021-23362: hosted-git-info Regular Expression Denial o...