
4309 matches found

Oracle linux
added 2020/04/02 12:0 a.m., 92 views

nodejs:12 security update

nodejs 1:12.16.1-2 - Fix CVE-2020-10531 1:12.16.1-1 - Resolves: RHBZ1800393, RHBZ1800394, RHBZ1800380 - Rebase to 12.16.1 1:12.14.1-1 - Rebase to 12.14.1 1:12.13.1-1 - Resolves: RHBZ 1773503, update to 12.13.1 - minor clean up and sync with Fedora spec - turn off debug builds 1:12.4.0-2 -...

CVSS 8.8 | AI score 9.3 | EPSS 0.0079
Exploits: 0
vulnersOsv
added 2020/04/02 12:0 a.m., 0 views

generate-gh-repo (=1.1.0), generate-project (>=0.7.0 <=1.0.0) +1 more potentially affected by CVE-2020-7630 via git-add-remote (=1.0.0)

git-add-remote NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on git-add-remote and may be impacted: - generate-gh-repo =1.1.0 - generate-project =0.7.0, =1.0.4, =1.0.6 Source cves: CVE-2020-7630 Source advisory:...

CVSS 9.8 | AI score 7.2 | EPSS 0.01227
Exploits: 1
RedhatCVE
added 2020/03/30 8:17 a.m., 30 views

CVE-2019-10746

A flaw was found in Nodejs's mixin-deep prior to versions 1.3.2 and 2.0.0. The mixin-deep function could be used to add or modify properties of the Object.prototype. The highest threat from this vulnerability is to system availability...

CVSS 9.8 | AI score 2.5 | EPSS 0.00748
Exploits: 1 | References: 3
NVD
added 2020/03/24 10:15 p.m., 9 views

CVE-2019-4001

Improper input validation in Druva inSync Client 6.5.0 allows a local, authenticated attacker to execute arbitrary NodeJS code...

CVSS 7.8 | AI score 7.8 | EPSS 0.00133
Exploits: 1 | References: 1
Prion
added 2020/03/24 10:15 p.m., 11 views

Input validation

Improper input validation in Druva inSync Client 6.5.0 allows a local, authenticated attacker to execute arbitrary NodeJS code...

CVSS 4.6 | AI score 7.7 | EPSS 0.00133
Exploits: 1 | References: 1 | Affected Software: 1
CVE
added 2020/03/24 9:4 p.m., 45 views

CVE-2019-4001

CVE-2019-4001 affects Druva inSync Client 6.5.0. The issue is an improper input validation vulnerability that allows a local, authenticated attacker to execute arbitrary NodeJS code. Root cause and detailed exploit steps are not provided in the connected documents. The CVSS metrics indicate a loc...

CVSS 7.8 | AI score 7.7 | EPSS 0.00133
Exploits: 1 | References: 1 | Affected Software: 1
OSV
added 2020/03/11 11:15 p.m., 0 views

AZL-44310 CVE-2020-7598 affecting package nodejs-nodemon 2.0.3-5

minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload...

CVSS 5.6 | AI score 6.9 | EPSS 0.00189
Exploits: 2 | References: 1
Oracle linux
added 2020/03/06 12:0 a.m., 76 views

http-parser security update

2.8.0-5.2 - Do not break ABI with CVE-2019-15605 fix 2.8.0-5.1 - Resolves: CVE-2019-15605 http-parser: nodejs: HTTP request smuggling using malformed Transfer-Encoding header...

CVSS 9.8 | AI score 9.8 | EPSS 0.32252
Exploits: 0
Elastic
added 2020/03/04 6:1 p.m., 6 views

Elastic Stack 6.8.7 and 7.6.1 security update

Kibana Node.js security flaws ESA-2020-01 The version of Node.js shipped in all versions of Kibana prior to 7.6.1 and 6.8.7 contain three security flaws. CVE-2019-15604 describes a Denial of Service DoS flaw in the TLS handling code of Node.js. Successful exploitation of this flaw could result in...

CVSS 9.8 | AI score 9.6 | EPSS 0.32252
Exploits: 2
RedHat Linux
added 2020/03/04 5:30 p.m., 39 views

Important: Red Hat Security Advisory: http-parser security update

An update for http-parser is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

CVSS 9.8 | AI score 7.3 | EPSS 0.32252
Exploits: 0 | References: 2
RedHat Linux
added 2020/03/04 5:18 p.m., 0 views

nodejs: HTTP request smuggling using malformed Transfer-Encoding header

A flaw was found in the Node.js code where a specially crafted HTTPs request sent to a Node.js server failed to properly process the HTTPs headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.js server is...

CVSS 9.8 | AI score 7.4 | EPSS 0.32252
Exploits: 0 | References: 5
Kitploit
added 2020/03/04 12:0 p.m., 227 views

TwitWork - Monitor Twitter Stream

Monitor the Twitter stream. TwitWork uses the Twitter stream, which lets you receive tweets in real time. An input lets you filter the flow on one or more keywords or on an @ based on Twitter tracking. Demo: this is a demo of exporting data on the keyword "Coronavirius"...

AI score 7.2
Exploits: 0 | References: 2
Tenable Nessus
added 2020/02/26 12:0 a.m., 49 views

RHEL 8 : nodejs:10 (RHSA-2020:0579)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0579 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

CVSS 9.8 | AI score 7.3 | EPSS 0.32252
Exploits: 2 | References: 14
Oracle linux
added 2020/02/26 12:0 a.m., 79 views

nodejs:12 security update

nodejs 1:12.16.1-1 - Resolves: RHBZ1800393, RHBZ1800394, RHBZ1800380 - Rebase to 12.16.1 nodejs-nodemon nodejs-packaging...

CVSS 9.8 | AI score 1.3 | EPSS 0.32252
Exploits: 2
Tenable Nessus
added 2020/02/26 12:0 a.m., 43 views

RHEL 8 : nodejs:12 (RHSA-2020:0598)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0598 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

CVSS 9.8 | AI score 7.6 | EPSS 0.32252
Exploits: 2 | References: 8
Tenable Nessus
added 2020/02/26 12:0 a.m., 255 views

Photon OS 2.0: Nodejs PHSA-2020-2.0-0210

An update of the nodejs package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-2.0-0210. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description scriptid13408...

CVSS 5.9 | AI score 7.4 | EPSS 0.05057
Exploits: 0 | References: 3
RedHat Linux
added 2020/02/25 3:56 p.m., 3 views

nodejs: HTTP header values do not have trailing optional whitespace trimmed

A flaw was found in Node.js where the HTTPs header values were not stripped of trailing whitespace. An attacker can use this flaw to send an HTTPs request which is validated by an upstream proxy server, but not by the Node.js HTTPs server...

CVSS 9.8 | AI score 7.1 | EPSS 0.01338
Exploits: 1 | References: 5
RedHat Linux
added 2020/02/25 1:42 p.m., 2 views

nodejs: HTTP header values do not have trailing optional whitespace trimmed

A flaw was found in Node.js where the HTTPs header values were not stripped of trailing whitespace. An attacker can use this flaw to send an HTTPs request which is validated by an upstream proxy server, but not by the Node.js HTTPs server...

CVSS 9.8 | AI score 7.1 | EPSS 0.01338
Exploits: 1 | References: 5
RedHat Linux
added 2020/02/25 1:42 p.m., 2 views

nodejs: HTTP request smuggling using malformed Transfer-Encoding header

A flaw was found in the Node.js code where a specially crafted HTTPs request sent to a Node.js server failed to properly process the HTTPs headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.js server is...

CVSS 9.8 | AI score 7.2 | EPSS 0.32252
Exploits: 0 | References: 5
RedHat Linux
added 2020/02/25 1:7 p.m., 3 views

nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string

An encoding error flaw exists in the Node.js code that is used to read a peer certificate in the TLS client authentication. An attacker can use this flaw to crash the process used to handle TLS client authentication...

CVSS 7.5 | AI score 7.3 | EPSS 0.03533
Exploits: 1 | References: 5