Описание
Moderate: nodejs:12 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: nodejs (12.20.1), nodejs-nodemon (2.0.3).
Security Fix(es):
-
nodejs-mixin-deep: prototype pollution in function mixin-deep (CVE-2019-10746)
-
nodejs-set-value: prototype pollution in function set-value (CVE-2019-10747)
-
nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS (CVE-2020-7754)
-
nodejs-ini: prototype pollution via malicious INI file (CVE-2020-7788)
-
nodejs: use-after-free in the TLS implementation (CVE-2020-8265)
-
nodejs: HTTP request smuggling via two copies of a header field in an http request (CVE-2020-8287)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Затронутые продукты
Rocky Linux 8
Ссылки на источники
Исправления
- Red Hat - 1795475
- Red Hat - 1795479
- Red Hat - 1892430
- Red Hat - 1907444
- Red Hat - 1912854
- Red Hat - 1912863
Связанные уязвимости
The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.
The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.
The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.
The utilities function in all versions <= 0.5.0 of the deep-extend nod ...