4309 matches found
CVE-2020-15138
A flaw was found in nodejs-prismjs. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code...
nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload
A flaw was found in nodejs-minimist, where it was tricked into adding or modifying properties of the Object.prototype using a "constructor" or "__proto__" payload. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...
Important: Red Hat Security Advisory: RHV Manager (ovirt-engine) 4.4 security, bug fix, and enhancement update
Updated ovirt-engine packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...
Node.js third-party modules: [@knutkirkhorn/free-space] - Command Injection through Lack of Sanitization
I would like to report Command Injection in the free-space module. It allows arbitrary shell command execution on Unix-based systems Module module name: free-space version: 1.2.0 npm page: https://www.npmjs.com/package/free-space Module Description Get the amount of free space for a drive Module...
Important Photon OS Security Update - PHSA-2020-0269
Updates of 'nodejs' packages of Photon OS have been released...
PHSA-2020-2.0-0269
An update of 'nodejs' packages of Photon OS has been released...
Important Photon OS Security Update - PHSA-2020-0312
Updates of 'nodejs', 'nodejs10' packages of Photon OS have been released...
Important Photon OS Security Update - PHSA-2020-3.0-0119
Updates of 'linux-aws', 'nodejs', 'linux-esx', 'linux', 'linux-secure', 'linux-rt', 'openjdk8', 'openjdk11' packages of Photon OS have been released...
Important Photon OS Security Update - PHSA-2020-0119
Updates of 'openjdk11', 'linux-rt', 'linux-esx', 'openjdk8', 'linux', 'nodejs', 'linux-secure', 'linux-aws' packages of Photon OS have been released...
RHEL 7 : OpenShift Container Platform 3.11 (RHSA-2020:2992)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2992 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 3.11 security update
An update for atomic-openshift, atomic-openshift-web-console, and cri-o is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload
A flaw was found in nodejs-minimist, where it was tricked into adding or modifying properties of the Object.prototype using a "constructor" or "__proto__" payload. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...
nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload
A flaw was found in nodejs-minimist, where it was tricked into adding or modifying properties of the Object.prototype using a "constructor" or "__proto__" payload. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...
Important: Red Hat Security Advisory: nodejs:10 security update
An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
RHEL 8 : nodejs:10 (RHSA-2020:3042)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3042 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
CVE-2020-15366
A flaw was found in nodejs-ajv. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code...
CVE-2020-15779
A Path Traversal issue was discovered in the socket.io-file package through 2.0.31 for Node.js. The socket.io-file::createFile message uses path.join with ../ in the name option, and the uploadDir and rename options determine the path...
CVE-2020-8203
A flaw was found in nodejs-lodash in versions 4.17.15 and earlier. A prototype pollution attack is possible which can lead to arbitrary code execution. The primary threat from this vulnerability is to data integrity and system availability...
Remote Code Execution
nodejs is vulnerable to remote code execution. Memory corruption in the napi_get_value_string_*() functions allows an attacker to execute arbitrary code on the system remotely by writing instructions to heap memory or by corrupting the stack...
Photon OS 1.0: Nodejs PHSA-2020-1.0-0306
An update of the nodejs package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-1.0-0306. The text itself is copyright (C) VMware, Inc...