Astra Linux - уязвимость в node-y18n

The package y18n before versions 3.2.2, 4.0.1, and 5.0.5 is vulnerable to Prototype Pollution...

MiracleLinux 7 : rh-nodejs12-nodejs-12.19.1-2.el7 (AXSA:2020-959:05)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-959:05 advisory. nodejs-y18n: prototype pollution vulnerability CVE-2020-7774 c-ares: aresparsea,aaaareply insufficient naddrttls validation DoS CVE-2020-8277...

MiracleLinux 7 : rh-nodejs14-nodejs-14.15.4-2.el7 (AXSA:2021-1397:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1397:01 advisory. nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS CVE-2020-7754 nodejs-y18n: prototype pollution...

EUVD-2021-0643

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2020-7774

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution. CVE-2020-7774 Note that Nessus relies on the presence of the package as...

Rocky Linux 8 : nodejs:10 (RLSA-2021:0548)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:0548 advisory. - Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like ://:@::/...

Rocky Linux 8 : nodejs:12 (RLSA-2020:5499)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:5499 advisory. - An issue was discovered in ajv.validate in Ajv aka Another JSON Schema Validator 6.12.2. A carefully crafted JSON schema could be provided that allows...

Rocky Linux 8 : nodejs:14 (RLSA-2021:0551)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:0551 advisory. - An issue was discovered in ajv.validate in Ajv aka Another JSON Schema Validator 6.12.2. A carefully crafted JSON schema could be provided that allows...

Security Bulletin: Open Source Dependency Vulnerability

Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2020-7774 DESCRIPTION: Node.js y18n module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw. By sending a specially-crafted request, ...

SUSE CVE-2020-7774

The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution...

RHEL 7 : rh-nodejs12-nodejs (RHSA-2020:5305)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5305 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

RHEL 7 : rh-nodejs10-nodejs (RHSA-2021:0521)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0521 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

RHEL 7 : rh-nodejs14-nodejs (RHSA-2021:0421)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0421 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

OESA-2022-1769 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

Security Bulletin: CVE-2020-7774

Summary This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require'y18n'; y18n.setLocale'proto'; y18n.updateLocalepolluted: true; console.logpolluted; // true Vulnerability Details CVEID: CVE-2020-7774 DESCRIPTION: Node.js y18n module could allow a remote...

Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise and IBM Integration Bus (CVE-2020-7774)

Summary IBM App Connect Enterprise and IBM Integration Bus ship with Node.js for which vulnerabilities were reported and have been addressed. Vulnerability details are listed below. Vulnerability Details CVEID: CVE-2020-7774 DESCRIPTION: Node.js y18n module could allow a remote attacker to execut...

Security Bulletin: Multiple Vulnerabilities in Node.js affects IBM Netcool Agile Service Manager

Summary Multiple vulnerabilities in Node.js used by IBM Netcool Agile Service Manager have been identified. Netcool Agile Service Manager has addressed these CVEs. Vulnerability Details CVEID: CVE-2021-3450 DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions, caused...

Security Bulletin: Prototype pollution flaw in y18n in IBM DataPower Gateway

Summary IBM has addressed the CVE Vulnerability Details CVEID: CVE-2020-7774 DESCRIPTION: Node.js y18n module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw. By sending a specially-crafted request, an attacker could exploit this...

openSUSE 15 Security Update : nodejs8 (openSUSE-SU-2021:1113-1)

"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1113-1 advisory. - This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require'y18n' %NASLMINLEVEL 70300 C Tenable...

Security Bulletin: Potential vulnerability with Node.js

Summary A potential vulnerability has been identified related to Node.js. Refer to details for additional information. Vulnerability Details CVEID: CVE-2021-3450 DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions, caused by a a missing check in the validation logic...