Lucene search
4309 matches found

Tenable Nessus
added 2020/06/04 12:0 a.m., 32 views

Fedora 32 : marked (2020-d714c08261)

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2020-d714c08261 advisory. New upstream release with bug and security fixes. Also, consolidates duplicate packages marked and nodejs-marked. I tested upgrades from both, but m...

CVSS 7.8, AI score 7, EPSS 0.01098
Exploits: 1, References: 3

CNVD
added 2020/06/04 12:0 a.m., 1 views

Joyent Node.js Buffer Overflow Vulnerability

Joyent Node.js is the United States Joyent company's set of web applications built on top of the Google V8 JavaScript engine platform. The platform is primarily used for building highly scalable applications and writing code that can handle tens of thousands of simultaneous connections to a singl...

CVSS 9.3, AI score 9.2, EPSS 0.01491
Exploits: 1, References: 1

Tenable Nessus
added 2020/06/03 12:0 a.m., 96 views

RHEL 7 / 8 : Red Hat OpenShift Service Mesh (RHSA-2020:2362)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2362 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise...

CVSS 9.1, AI score 7.1, EPSS 0.18518
Exploits: 11, References: 11

Tenable Nessus
added 2020/06/01 12:0 a.m., 35 views

Fedora 31 : marked (2020-5eca570e16)

The remote Fedora 31 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2020-5eca570e16 advisory. New upstream release with bug and security fixes. Also, consolidates duplicate packages marked and nodejs-marked. I tested upgrades from both, but m...

CVSS 7.8, AI score 7, EPSS 0.01098
Exploits: 1, References: 3

OSV
added 2020/05/28 6:42 p.m., 16 views

GHSA-WH69-WC6Q-7888 Command injection in node-dns-sync

dns-sync through 0.2.0 allows execution of arbitrary commands. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input...

CVSS 8.6, AI score 9.8, EPSS 0.05686
Exploits: 0, References: 4

OSV
added 2020/05/27 12:46 a.m., 6 views

MGASA-2020-0230 Updated nodejs-set-value packages fix security vulnerability

Updated nodejs-set-value package fixes security vulnerability: A vulnerability was found in Node.js set-value, where set-value is vulnerable to prototype pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a...

CVSS 9.8, AI score 7.9, EPSS 0.00503
Exploits: 1, References: 3

Mageia
added 2020/05/27 12:46 a.m., 46 views

Updated nodejs-set-value packages fix security vulnerability

Updated nodejs-set-value package fixes security vulnerability: A vulnerability was found in Node.js set-value, where set-value is vulnerable to prototype pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a...

CVSS 9.8, AI score 4.7, EPSS 0.00503
Exploits: 1, References: 2

Hacker One
added 2020/05/19 10:34 p.m., 13 views

Node.js third-party modules: [windows-edge] RCE via insecure command formatting

I would like to report a RCE issue in the windows-edge module. It allows to execute arbitrary commands remotely inside the victim's PC. Module: module name: windows-edge; version: 1.0.1; npm page: https://www.npmjs.com/package/windows-edge. Module Description: Launch a new Microsoft Edge tab on Windows...

AI score 1.7
Exploits: 0

Hacker One
added 2020/05/11 10:23 p.m., 12 views

Node.js third-party modules: [plain-object-merge] Prototype pollution

I would like to report a prototype pollution vulnerability in plain-object-merge module. It allows an attacker to inject properties on Object.prototype. Module: module name: plain-object-merge; version: 1.0.1; npm page: https://www.npmjs.com/package/plain-object-merge. Module Description: Extremely fa...

AI score 0.8
Exploits: 0

CNVD
added 2020/05/08 12:0 a.m., 1 views

Curlrequest OS Command Injection Vulnerability

curlrequest is a Node.js-based package for transferring data over URLs. An operating system command injection vulnerability exists in curlrequest 1.0.1 and earlier versions. An attacker can exploit this vulnerability to inject and execute arbitrary commands...

CVSS 9.8, AI score 8, EPSS 0.00184
Exploits: 1, References: 1

OpenVAS
added 2020/05/01 12:0 a.m., 50 views

Debian: Security Advisory (DSA-4669-1)

The remote host is missing an update for the Debian...

CVSS 9.8, AI score 7.9, EPSS 0.32252
Exploits: 2, References: 4

RedHat Linux
added 2020/04/21 11:27 a.m., 63 views

Important: Red Hat Security Advisory: http-parser security update

An update for http-parser is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...

CVSS 9.8, AI score 7.3, EPSS 0.32252
Exploits: 0, References: 2

Kitploit
added 2020/04/15 9:30 p.m., 333 views

Burp Exporter - A Burp Suite Extension To Copy A Request To The Clipboard As Multiple Programming Languages Functions

Exporter is a Burp Suite extension to copy a request to the clipboard as multiple programming languages functions. You can export as: cURL, Wget, Python Request, Perl LWP, PHP HTTPRequest2, Go Native, NodeJS Request, jQuery AJAX, PowerShell. Requirements: Jython = 2.7.1, Burp Suite. Import: In Burp Suite, und...

AI score 7.3
Exploits: 0, References: 1

Photon
added 2020/04/11 12:0 a.m., 47 views

Important Photon OS Security Update - PHSA-2020-0288

Updates of 'libgcrypt', 'yarn', 'python2', 'openvswitch', 'kubernetes', 'gnupg' packages of Photon OS have been released...

CVSS 7.5, AI score 6.7, EPSS 0.0081
Exploits: 1

RedhatCVE
added 2020/04/07 5:3 p.m., 46 views

CVE-2019-10747

A flaw was found in nodejs-set-value. The function mixin-deep can be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype, or __proto__ payloads. The highest threat from this vulnerability is to data confidentiality and integrity...

CVSS 9.8, AI score 3.1, EPSS 0.18518
Exploits: 3, References: 3

Tenable Nessus
added 2020/04/07 12:0 a.m., 32 views

RHEL 8 : nodejs:10 (RHSA-2020:1343)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1343 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes...

CVSS 8.8, AI score 7.7, EPSS 0.0079
Exploits: 0, References: 4

Tenable Nessus
added 2020/04/07 12:0 a.m., 33 views

RHEL 8 : nodejs:10 (RHSA-2020:1317)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1317 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes...

CVSS 8.8, AI score 7.7, EPSS 0.0079
Exploits: 0, References: 4

Rockylinux
added 2020/04/06 7:21 a.m., 32 views

nodejs:10 security update

An update is available for nodejs-nodemon, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Node.js is a software development platform for...

CVSS 8.8, AI score 9, EPSS 0.0079
Exploits: 0

RedhatCVE
added 2020/04/02 1:59 p.m., 28 views

CVE-2018-20834

A flaw was found in nodejs-tar in versions prior to 4.4.2. An arbitrary file overwrite can occur when extracting tarballs containing a hard-link to a file that already exists in the system. Further, a file that matches the hard-link may overwrite the system's files with the contents of the...

CVSS 8.8, AI score 3.3, EPSS 0.00719
Exploits: 1, References: 2

Rockylinux
added 2020/04/02 7:23 a.m., 38 views

nodejs:12 security update

An update is available for nodejs-nodemon, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Node.js is a software development platform for...

CVSS 8.8, AI score 9, EPSS 0.0079
Exploits: 0