Critical Photon OS Security Update - PHSA-2021-0007

Updates of 'linux-aws', 'containerd', 'linux-secure', 'glib', 'libtiff', 'linux-rt', 'curl', 'linux', 'libvirt', 'openssl', 'mysql', 'wpasupplicant', 'apache-tomcat', 'python3', 'nodejs', 'docker' packages of Photon OS have been released...

Photon OS 4.0: Nodejs PHSA-2021-4.0-0007

An update of the nodejs package has been released. C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-4.0-0007. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid148351;...

GHSA-MMHJ-4W6J-76H7 Misuse of `Reference` and other transferable APIs may lead to access to nodejs isolate

Versions of isolated-vm before v4.0.0, and especially before v3.0.0, have API pitfalls which may make it easy for implementers to expose supposed secure isolates to the permissions of the main nodejs isolate. Reference objects allow access to the underlying reference's full prototype chain. In an...

Critical Photon OS Security Update - PHSA-2021-4.0-0007

Updates of 'python3', 'linux', 'nodejs', 'libtiff', 'linux-aws', 'curl', 'docker', 'glib', 'openssl', 'wpasupplicant', 'libvirt', 'linux-rt', 'mysql', 'apache-tomcat', 'linux-secure', 'containerd' packages of Photon OS have been released...

MGASA-2021-0169 Updated nodejs-chownr packages fix security vulnerability

Updated nodejs-chownr package fixes security vulnerability: A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks CVE-2017-18869...

MGASA-2021-0170 Updated nodejs-yargs-parser packages fix security vulnerability

yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "proto" payload CVE-2020-7608...

Updated nodejs-yargs-parser packages fix security vulnerability

yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "proto" payload CVE-2020-7608...

Updated nodejs-chownr packages fix security vulnerability

Updated nodejs-chownr package fixes security vulnerability: A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks CVE-2017-18869...

CVE-2021-21421

node-etsy-client is a NodeJs Etsy ReST API Client. Applications that are using node-etsy-client and reporting client error to the end user will offer api key value too This is fixed in node-etsy-client v0.3.0 and later...

CVE-2021-21421

node-etsy-client is a NodeJs Etsy ReST API Client. Applications that are using node-etsy-client and reporting client error to the end user will offer api key value too This is fixed in node-etsy-client v0.3.0 and later...

Code injection

node-etsy-client is a NodeJs Etsy ReST API Client. Applications that are using node-etsy-client and reporting client error to the end user will offer api key value too This is fixed in node-etsy-client v0.3.0 and later...

CVE-2021-21421 ApiKey secret could be revelated on network issue

node-etsy-client is a NodeJs Etsy ReST API Client. Applications that are using node-etsy-client and reporting client error to the end user will offer api key value too This is fixed in node-etsy-client v0.3.0 and later...

CVE-2021-21421

CVE-2021-21421 affects the node-etsy-client (Node.js Etsy REST API client). The issue is that applications reporting client errors to end users could leak the API key value in error output. The root cause is tied to how error information is exposed to end users. Mitigation is to upgrade to node-e...

CVE-2020-28469

A flaw was found in nodejs-glob-parent. The enclosure regex used to check for glob enclosures containing backslashes is vulnerable to Regular Expression Denial of Service attacks. This flaw allows an attacker to cause a denial of service if they can supply a malicious string to the glob-parent...

Photon OS 3.0: Nodejs PHSA-2021-3.0-0213

An update of the nodejs package has been released. C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-3.0-0213. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid148292;...

Important Photon OS Security Update - PHSA-2021-0213

Updates of 'nodejs', 'subversion', 'glib' packages of Photon OS have been released...

Important Photon OS Security Update - PHSA-2021-3.0-0213

Updates of 'nodejs', 'subversion', 'glib' packages of Photon OS have been released...

CVE-2021-21413

isolated-vm is a library for nodejs which gives you access to v8's Isolate interface. Versions of isolated-vm before v4.0.0 have API pitfalls which may make it easy for implementers to expose supposed secure isolates to the permissions of the main nodejs isolate. Reference objects allow access to...

CVE-2021-21413

isolated-vm is a library for nodejs which gives you access to v8's Isolate interface. Versions of isolated-vm before v4.0.0 have API pitfalls which may make it easy for implementers to expose supposed secure isolates to the permissions of the main nodejs isolate. Reference objects allow access to...

Design/Logic Flaw

isolated-vm is a library for nodejs which gives you access to v8's Isolate interface. Versions of isolated-vm before v4.0.0 have API pitfalls which may make it easy for implementers to expose supposed secure isolates to the permissions of the main nodejs isolate. Reference objects allow access to...