CVE-2020-26237

A flaw was found in nodejs-highlight-js. Highlight.js is vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will result in prototype pollution of the base object's prototype during highlighting...

nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS

A flaw was found in nodejs-handlebars, where affected versions of handlebars are vulnerable to a denial of service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This flaw allows attackers to exhaust system resources, leading to a denial of...

nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution

A flaw was found in nodejs-handlebars, where affected versions of handlebars are vulnerable to arbitrary code execution. The package lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript into the system. This issue is used to...

nodejs-lodash: prototype pollution in zipObjectDeep function

A flaw was found in nodejs-lodash in versions 4.17.15 and earlier. A prototype pollution attack is possible which can lead to arbitrary code execution. The primary threat from this vulnerability is to data integrity and system availability...

Low: Red Hat Security Advisory: Red Hat Virtualization security, bug fix, and enhancement update

An update is now available for Red Hat Virtualization Engine 4.4. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link...

RHEL 8 : Red Hat Virtualization (RHSA-2020:5179)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5179 advisory. The org.ovirt.engine-root is a core component of oVirt. The following packages have been upgraded to a later upstream version: engine-db-que...

CVE-2020-7774

A flaw was found in nodejs-y18n. There is a prototype pollution vulnerability in y18n's locale functionality. If an attacker is able to provide untrusted input via locale, they may be able to cause denial of service or in rare circumstances, impact to data integrity or confidentiality...

nodejs:14 bug fix and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs14-nodejs 14.15.0. BZ1891809...

14 bug fix and enhancement update

An update is available for nodejs-nodemon, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Node.js is a software development platform for...

CVE-2020-7768

A flaw was found in nodejs-grpc, where the package @grpc/grpc-js is vulnerable to Prototype Pollution via the loadPackageDefinition. The highest threat from this vulnerability is to system availability...

nodejs-dot-prop: prototype pollution

A prototype pollution flaw was found in nodejs-dot-prop. The function set could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype, or proto paths. The highest threat from this vulnerability is to data confidentiality and integrity as well a...

nodejs-dot-prop: prototype pollution

A prototype pollution flaw was found in nodejs-dot-prop. The function set could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype, or proto paths. The highest threat from this vulnerability is to data confidentiality and integrity as well a...

nodejs: HTTP request smuggling due to CR-to-Hyphen conversion

A flaw was found in Node.js, where affected Node.js versions converted carriage returns in HTTP request headers to a hyphen before parsing. This flaw leads to HTTP Request Smuggling as it is a non-standard interpretation of the header. The highest threat from this vulnerability is to...

RHEL 8 : nodejs:12 (RHSA-2020:4903)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4903 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

new module: nodejs:14

An update is available for nodejs-nodemon, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list This enhancement update adds the nodejs:14 module to...

new module: nodejs:14

This enhancement update adds the nodejs:14 module to AlmaLinux BZ1815402 For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

Fedora: Security Advisory for nodejs (FEDORA-2020-c605353480)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for nodejs (FEDORA-2020-74bf23e1f1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2020-5977

NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure...

CVE-2020-5977

NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure...