4309 matches found
SUSE-SU-2021:0650-1 Security update for nodejs14
This update for nodejs14 fixes the following issues: New upstream LTS version 14.16.0: - CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion bsc1182619 - CVE-2021-22884: DNS rebinding in --inspect bsc1182620...
Debian: Security Advisory (DSA-4863-1)
The remote host is missing an update for the Debian...
GHSA-7M7Q-Q53V-J47V Regular Expression Denial of Service
A flaw was found in nodejs-marked versions from 0.5.0 to before 0.6.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). Input to the host variable is vulnerable when input contains parentheses in link URIs, coupled with a high number of link tokens i...
Regular Expression Denial of Service
A flaw was found in nodejs-marked versions from 0.5.0 to before 0.6.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). Input to the host variable is vulnerable when input contains parentheses in link URIs, coupled with a high number of link tokens i...
DNS Rebinding
nodejs is vulnerable to DNS rebinding attacks. The vulnerability exists in the inspector component, allowing an attacker to bypass the DNS rebinding protection if the attacker controls the victim's DNS server or can spoof its responses...
Denial Of Service (DoS)
nodejs is vulnerable to denial of service (DoS) attacks. A remote attacker could cause memory exhaustion via too many connection attempts with an 'unknownProtocol', leading to system unavailability...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update
Red Hat OpenShift Container Platform release 4.7.0 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
DSA-4863-1 nodejs - security update
Bulletin has no description...
CentOS 8 : nodejs:10 (CESA-2021:0548)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:0548 advisory. - npm: sensitive information exposure through logs (CVE-2020-15095) - nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function...
CVE-2021-22884
A flaw was found in nodejs. A denial of service is possible when the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS over the network. If the attacker controls the victim's DNS server or can spoof its response...
CVE-2021-22883
A flaw was found in nodejs. When too many connection attempts with an 'unknownProtocol' are established, a leak of file descriptors can occur, leading to a potential denial of service. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and...
Arbitrary Command Injection
Overview: killport is a nodejs module to kill any process based on its port. Affected versions of this package are vulnerable to Arbitrary Command Injection. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the...
Nodejs Security Vulnerabilities
nodejs is a JavaScript runtime environment based on the Chrome V8 engine. It packages the V8 engine and uses event-driven, non-blocking I/O to make the development of high-performance JavaScript background applications possible. A security vulnerability exists in Nodejs,...
nodejs:14 security and bug fix update
nodejs 1:14.15.4-2 - Add patch for yarn crash - Resolves: RHBZ1916465 1:14.15.4-1 - Security rebase to 14.15.4 - https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/ - Resolves: RHBZ1916463, RHBZ1914788 - Resolves: RHBZ1914785, RHBZ1916387, RHBZ1916389, RHBZ1916390, RHBZ191669...
nodejs:12 security update
nodejs 1:12.20.1-1 - Security rebase for January security release - https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/ - Resolves: RHBZ1916460, RHBZ1914786 - Resolves: RHBZ1914784, RHBZ1916396 nodejs-nodemon 2.0.3-1 - Resolves: RHBZ1921841, RHBZ1921843, RHBZ1921842 - Rebase ...
CVE-2021-23341
A flaw was found in nodejs-prismjs. A Regular Expression Denial of Service (ReDoS) is possible via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components...
Vulnerabilities fixed in Node.js
Vulnerabilities have been fixed in Node.js. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service (DoS); circumvention of security measure; remote code execution; user rights; access to system data. -= Red Hat =- Red Hat has...
CVE-2021-21315
The System Information Library for Node.JS npm package "systeminformation" is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. ...
nodejs: HTTP request smuggling via two copies of a header field in an http request
A flaw was found in nodejs. Affected versions of Node.js allow two copies of a header field in an HTTP request. The first header field is recognized while the second is ignored, leading to HTTP request smuggling. The highest threat from this vulnerability is to data confidentiality and integrity...
nodejs-ini: Prototype pollution via malicious INI file
A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...