MiracleLinux 7 : rh-nodejs12-nodejs-nodemon-2.0.3-1.el7, rh-nodejs12-nodejs-12.20.1-1.el7 (AXSA:2021-1451:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1451:01 advisory. nodejs-mixin-deep: prototype pollution in function mixin-deep CVE-2019-10746 nodejs-set-value: prototype pollution in function set-value...

MiracleLinux 7 : rh-nodejs14-nodejs-14.15.4-2.el7 (AXSA:2021-1397:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1397:01 advisory. nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS CVE-2020-7754 nodejs-y18n: prototype pollution...

Rocky Linux 8 : nodejs:12 (RLSA-2021:0549)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:0549 advisory. - The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker...

Rocky Linux 8 : nodejs:10 (RLSA-2021:0548)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:0548 advisory. - Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like ://:@::/...

Rocky Linux 8 : nodejs:14 (RLSA-2021:0551)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:0551 advisory. - An issue was discovered in ajv.validate in Ajv aka Another JSON Schema Validator 6.12.2. A carefully crafted JSON schema could be provided that allows...

SUSE CVE-2020-7754

This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters...

RHEL 7 : rh-nodejs10-nodejs (RHSA-2021:0521)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0521 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

RHEL 7 : rh-nodejs14-nodejs (RHSA-2021:0421)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0421 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

Regular Expression Denial of Service

Overview npm-user-validate before 1.0.1 is vulnerable to regular expression denial of service. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters. Recommendation Upgrade to version 1.0.1 or later References - CVE - GitHub Advis...

Regular expression denial of service in npm-user-validate

This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters...

@motowhere/nodemailer-mock-transport (=1.3.1), @nexdrew/newww (>=0.0.1 <=0.0.2) +27 more potentially affected by CVE-2020-7754 via npm-user-validate (>=0.0.3 <=0.1.5)

npm-user-validate NPM version =0.0.3, =0.0.1, =2.0.3, =3.1.0-alpha.0, =2.0.2, =2.0.1, =2.0.2, =2.0.2, =2.0.2, =2.0.2, =0.0.1, =0.0.29, =2.0.0, =0.4.0, =0.5.0 and more Source cves: CVE-2020-7754 Source advisory: OSV:GHSA-PW54-MH39-W3HC...

GHSA-PW54-MH39-W3HC Regular expression denial of service in npm-user-validate

This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters...

Oracle Linux 8 : nodejs:14 (ELSA-2021-0551)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-0551 advisory. nodejs 1:14.15.4-2 - Add patch for yarn crash - Resolves: RHBZ1916465 1:14.15.4-1 - Security rebase to 14.15.4 -...

RHEL 8 : nodejs:10 (RHSA-2021:0548)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0548 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS

This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters...

Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise and IBM Integration Bus (CVE-2020-7754)

Summary IBM App Connect Enterprise and IBM Integration Bus ship with Node.js for which vulnerabilities were reported and have been addressed. Vulnerability details are listed below. Vulnerability Details Third Party Entry: 189917 DESCRIPTION: Node.js npm-user-validate module denial of service CVS...

CVE-2020-7754

This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters...

CVE-2020-7754

This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters...

CVE-2020-7754

This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters...

Input validation

This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters...