nodejs:12 security update
An update is available for nodejs-nodemon, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Node.js is a software development platform for...
ALSA-2020:0598 Important: nodejs:12 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 12.16.1. Security Fixes: nodejs: HTTP request smuggling using malformed...
SUSE-SU-2020:0455-1 Security update for nodejs10
This update for nodejs10 fixes the following issues: nodejs10 was updated to version 10.19.0. Security issues fixed: - CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string (CVE-2019-15604, bsc#1163104). - CVE-2019-15605: Fixed an HTTP request...
nodejs: HTTP header values do not have trailing optional whitespace trimmed
A flaw was found in Node.js where the HTTP(s) header values were not stripped of trailing whitespace. An attacker can use this flaw to send an HTTP(s) request which is validated by an upstream proxy server, but not by the Node.js HTTP(s) server...
Photon OS 3.0: Nodejs PHSA-2020-3.0-0060
An update of the nodejs package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-3.0-0060. The text itself is copyright (C) VMware, Inc...
RHEL 8 : nodejs:10 (RHSA-2020:0573)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0573 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
Important: Red Hat Security Advisory: nodejs:10 security update
An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string
An encoding error flaw exists in the Node.js code that is used to read a peer certificate in the TLS client authentication. An attacker can use this flaw to crash the process used to handle TLS client authentication...
nodejs: HTTP request smuggling using malformed Transfer-Encoding header
A flaw was found in the Node.js code where a specially crafted HTTP(s) request sent to a Node.js server failed to properly process the HTTP(s) headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.js server is...
Fedora 30 : 1:nodejs / http-parser (2020-830d8a1a92)
Update to 10.19.0. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. (C) Tenable Network Security, Inc...
Fedora: Security Advisory for nodejs (FEDORA-2020-830d8a1a92)
The remote host is missing an update for the...
Critical Photon OS Security Update - PHSA-2020-0060
Updates of 'nodejs' packages of Photon OS have been released...
Critical Photon OS Security Update - PHSA-2020-3.0-0060
Updates of 'nodejs' packages of Photon OS have been released...
Node.js third-party modules: [utils-extend] Prototype pollution
NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! I would like to report prototype poluti...
PHSA-2020-2.0-0210
An update of 'nodejs' packages of Photon OS has been released...
AZL-44064 CVE-2019-10795 affecting package nodejs-nodemon 2.0.3-5
undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload...
Important: Red Hat Security Advisory: Red Hat Quay v3.2.1 security update
An update is now available for Red Hat Quay 3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Fedora 30 : nodejs-mixin-deep (2020-4a8f110332)
Update to upstream 1.3.2 release for CVE-2019-10746. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora 31 : nodejs-mixin-deep (2020-f80e5c0d65)
Update to upstream 1.3.2 release for CVE-2019-10746. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora 31 : 1:libuv / 1:nodejs / nghttp2 (2020-3838c8ea98)
Update to Node.js 12.15.0. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. (C) Tenable Network...