Headline
RHEA-2022:5139: Red Hat Enhancement Advisory: nodejs:12 bug fix and enhancement update
An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-3918: nodejs-json-schema: Prototype pollution vulnerability
- CVE-2021-22959: llhttp: HTTP Request Smuggling due to spaces in headers
- CVE-2021-22960: llhttp: HTTP Request Smuggling when parsing the body of chunked requests
- CVE-2021-37701: nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite
- CVE-2021-37712: nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite
- CVE-2021-44531: nodejs: Improper handling of URI Subject Alternative Names
- CVE-2021-44532: nodejs: Certificate Verification Bypass via String Injection
- CVE-2021-44533: nodejs: Incorrect handling of certificate subject and issuer fields
- CVE-2022-21824: nodejs: Prototype pollution via console.table properties
Synopsis
nodejs:12 bug fix and enhancement update
Type/Severity
Product Enhancement Advisory
Topic
An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8.
Description
Node.js is a software development platform for building fast and scalable
network applications in the JavaScript programming language.
Bug Fix(es) and Enhancement(s):
- nodejs:12/nodejs: rebase to last upstream release (BZ#2084651)
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
- Red Hat Enterprise Linux Server - AUS 8.6 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.6 x86_64
- Red Hat Enterprise Linux for ARM 64 8 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
Fixes
- BZ - 2084651 - nodejs:12/nodejs: rebase to last upstream release [rhel-8.6.0.z]
CVEs
- CVE-2021-3918
- CVE-2021-22959
- CVE-2021-22960
- CVE-2021-37701
- CVE-2021-37712
- CVE-2021-44531
- CVE-2021-44532
- CVE-2021-44533
- CVE-2022-21824
Red Hat Enterprise Linux for x86_64 8
SRPM
nodejs-12.22.12-1.module+el8.6.0+15324+1f2c5d8d.src.rpm
nodejs-nodemon-2.0.3-1.module+el8.4.0+11732+c668cc9f.src.rpm
nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45.src.rpm
x86_64
nodejs-12.22.12-1.module+el8.6.0+15324+1f2c5d8d.x86_64.rpm
nodejs-debuginfo-12.22.12-1.module+el8.6.0+15324+1f2c5d8d.x86_64.rpm
nodejs-debugsource-12.22.12-1.module+el8.6.0+15324+1f2c5d8d.x86_64.rpm
nodejs-devel-12.22.12-1.module+el8.6.0+15324+1f2c5d8d.x86_64.rpm
nodejs-docs-12.22.12-1.module+el8.6.0+15324+1f2c5d8d.noarch.rpm
nodejs-full-i18n-12.22.12-1.module+el8.6.0+15324+1f2c5d8d.x86_64.rpm
nodejs-nodemon-2.0.3-1.module+el8.4.0+11732+c668cc9f.noarch.rpm
nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45.noarch.rpm
npm-6.14.16-1.12.22.12.1.module+el8.6.0+15324+1f2c5d8d.x86_64.rpm
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6
SRPM and x86_64 packages are the same as those listed above under Red Hat Enterprise Linux for x86_64 8.
Red Hat Enterprise Linux Server - AUS 8.6
SRPM and x86_64 packages are the same as those listed above under Red Hat Enterprise Linux for x86_64 8.
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
nodejs-12.22.12-1.module+el8.6.0+15324+1f2c5d8d.src.rpm
nodejs-nodemon-2.0.3-1.module+el8.4.0+11732+c668cc9f.src.rpm
nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45.src.rpm
s390x
nodejs-docs-12.22.12-1.module+el8.6.0+15324+1f2c5d8d.noarch.rpm
nodejs-nodemon-2.0.3-1.module+el8.4.0+11732+c668cc9f.noarch.rpm
nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45.noarch.rpm
nodejs-12.22.12-1.module+el8.6.0+15324+1f2c5d8d.s390x.rpm
nodejs-debuginfo-12.22.12-1.module+el8.6.0+15324+1f2c5d8d.s390x.rpm
nodejs-debugsource-12.22.12-1.module+el8.6.0+15324+1f2c5d8d.s390x.rpm
nodejs-devel-12.22.12-1.module+el8.6.0+15324+1f2c5d8d.s390x.rpm
nodejs-full-i18n-12.22.12-1.module+el8.6.0+15324+1f2c5d8d.s390x.rpm
npm-6.14.16-1.12.22.12.1.module+el8.6.0+15324+1f2c5d8d.s390x.rpm
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6
SRPM and s390x packages are the same as those listed above under Red Hat Enterprise Linux for IBM z Systems 8.
Red Hat Enterprise Linux for Power, little endian 8
SRPM
nodejs-12.22.12-1.module+el8.6.0+15324+1f2c5d8d.src.rpm
nodejs-nodemon-2.0.3-1.module+el8.4.0+11732+c668cc9f.src.rpm
nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45.src.rpm
ppc64le
nodejs-docs-12.22.12-1.module+el8.6.0+15324+1f2c5d8d.noarch.rpm
nodejs-nodemon-2.0.3-1.module+el8.4.0+11732+c668cc9f.noarch.rpm
nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45.noarch.rpm
nodejs-12.22.12-1.module+el8.6.0+15324+1f2c5d8d.ppc64le.rpm
nodejs-debuginfo-12.22.12-1.module+el8.6.0+15324+1f2c5d8d.ppc64le.rpm
nodejs-debugsource-12.22.12-1.module+el8.6.0+15324+1f2c5d8d.ppc64le.rpm
nodejs-devel-12.22.12-1.module+el8.6.0+15324+1f2c5d8d.ppc64le.rpm
nodejs-full-i18n-12.22.12-1.module+el8.6.0+15324+1f2c5d8d.ppc64le.rpm
npm-6.14.16-1.12.22.12.1.module+el8.6.0+15324+1f2c5d8d.ppc64le.rpm
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6
SRPM and ppc64le packages are the same as those listed above under Red Hat Enterprise Linux for Power, little endian 8.
Red Hat Enterprise Linux Server - TUS 8.6
SRPM and x86_64 packages are the same as those listed above under Red Hat Enterprise Linux for x86_64 8.
Red Hat Enterprise Linux for ARM 64 8
SRPM
nodejs-12.22.12-1.module+el8.6.0+15324+1f2c5d8d.src.rpm
nodejs-nodemon-2.0.3-1.module+el8.4.0+11732+c668cc9f.src.rpm
nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45.src.rpm
aarch64
nodejs-docs-12.22.12-1.module+el8.6.0+15324+1f2c5d8d.noarch.rpm
nodejs-nodemon-2.0.3-1.module+el8.4.0+11732+c668cc9f.noarch.rpm
nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45.noarch.rpm
nodejs-12.22.12-1.module+el8.6.0+15324+1f2c5d8d.aarch64.rpm
nodejs-debuginfo-12.22.12-1.module+el8.6.0+15324+1f2c5d8d.aarch64.rpm
nodejs-debugsource-12.22.12-1.module+el8.6.0+15324+1f2c5d8d.aarch64.rpm
nodejs-devel-12.22.12-1.module+el8.6.0+15324+1f2c5d8d.aarch64.rpm
nodejs-full-i18n-12.22.12-1.module+el8.6.0+15324+1f2c5d8d.aarch64.rpm
npm-6.14.16-1.12.22.12.1.module+el8.6.0+15324+1f2c5d8d.aarch64.rpm
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6
SRPM and aarch64 packages are the same as those listed above under Red Hat Enterprise Linux for ARM 64 8.
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6
SRPM and ppc64le packages are the same as those listed above under Red Hat Enterprise Linux for Power, little endian 8.
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6
SRPM and x86_64 packages are the same as those listed above under Red Hat Enterprise Linux for x86_64 8.
Related news
Gentoo Linux Security Advisory 202405-29 - Multiple vulnerabilities have been discovered in Node.js. Versions greater than or equal to 16.20.2 are affected.
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.16.0could allow an authenticated user to obtain sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 233665.
IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID: 256020.
Red Hat Security Advisory 2023-3742-02 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include bypass, denial of service, and remote SQL injection vulnerabilities.
Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4.13.0 on Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-16250: A flaw was found in Vault and Vault Enterprise (“Vault”). In the affected versions of Vault, with the AWS Auth Method configured and under certain circumstances, the values relied upon by Vault to validate AWS IAM ident...
Ubuntu Security Notice 6103-1 - It was discovered that JSON Schema incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to exploit JavaScript runtimes and cause a denial of service or execute arbitrary code.
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...
Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. An attacker with privileges same as a legitimate user can phish the legitimate the user to redirect to malicious website leading to information disclosure and launch of phishing attacks.
Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
Red Hat Security Advisory 2022-9073-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass and denial of service vulnerabilities.
An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-44531: nodejs: Improper handling of URI Subject Alternative Names * CVE-2021-44532: nodejs: Certificate Verification Bypass via String Injection * CVE-2021-44533: nodejs: Incorrect handling of certificate subject and issuer fields * CVE-2021-44906: minimist: prototype pollution * CVE-2022-3517: nodejs-minimatch: ReDoS via the braceExpand fu...
Red Hat Security Advisory 2022-7830-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and bypass vulnerabilities.
An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-44531: nodejs: Improper handling of URI Subject Alternative Names * CVE-2021-44532: nodejs: Certificate Verification Bypass via String Injection * CVE-2021-44533: nodejs: Incorrect handling of certificate subject and issuer fields * CVE-2022-21824: nodejs: Prototype pollution via console.table properties * CVE-2022-35256: nodejs: HTTP Reque...
Red Hat Security Advisory 2022-7044-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and bypass vulnerabilities.
Red Hat Security Advisory 2022-7055-01 - An update is now available for Red Hat Openshift distributed tracing 2.6.0. Issues addressed include denial of service and traversal vulnerabilities.
An update is now available for Red Hat Openshift distributed tracing 2.6.0 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3918: nodejs-json-schema: Prototype pollution vulnerability * CVE-2022-0536: follow-redirects: Exposure of Sensitive Information via Authorization Header leak * CVE-2022-1650: eventsource: Exposure of Sensitive Information * CVE-2022-24785: Moment.js: Path traversal in moment.locale * CVE-2022-31129: moment: inefficient parsing algorithm resulting ...
An update for rh-nodejs14-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-44531: nodejs: Improper handling of URI Subject Alternative Names * CVE-2021-44532: nodejs: Certificate Verification Bypass via String Injection * CVE-2021-44533: nodejs: Incorrect handling of certificate subject and issuer fields * CVE-2021-44906: minimist: prototype pollution * CVE-2022-21824: nodejs: Prototype pollution via console.table...
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176609.
Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Trade Finance accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N).
An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3918: nodejs-json-schema: Prototype pollution vulnerability * CVE-2021-22959: llhttp: HTTP Request Smuggling due to spaces in headers * CVE-2021-22960: llhttp: HTTP Request Smuggling when parsing the body of chunked requests * CVE-2021-37701: nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite * CVE-2021-37712: nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite * CVE-2021-44531: nodejs: Improper...
An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3918: nodejs-json-schema: Prototype pollution vulnerability * CVE-2021-22959: llhttp: HTTP Request Smuggling due to spaces in headers * CVE-2021-22960: llhttp: HTTP Request Smuggling when parsing the body of chunked requests * CVE-2021-37701: nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite * CVE-2021-37712: nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite * CVE-2021-44531: nodejs: Improper...
Red Hat Security Advisory 2022-4956-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.0 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues. Issues addressed include privilege escalation and traversal vulnerabilities.
Red Hat Advanced Cluster Management for Kubernetes 2.5.0 is now generally available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3918: nodejs-json-schema: Prototype pollution vulnerability * CVE-2021-41190: opencontainers: OCI manifest and index parsing confusion * CVE-2021-43565: golang.org/x/crypto: empty plaintext packet causes panic * CVE-2021-43816: containerd: Unprivileged pod may bind mount any privileged regular file on disk * CVE-2021-43858: minio: user priv...
Security considerations are even more important today than they were in the past. Every day we discover new vulnerabilities that impact our computer systems, and every day our computer systems become more complex. With the deluge of vulnerabilities that threaten to swamp our security teams, the question, "How much does it matter?" comes quickly to our minds. This question, "Does it matter?", has two parts:
Red Hat Security Advisory 2022-4914-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and bypass vulnerabilities.
An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3918: nodejs-json-schema: Prototype pollution vulnerability * CVE-2021-22959: llhttp: HTTP Request Smuggling due to spaces in headers * CVE-2021-22960: llhttp: HTTP Request Smuggling when parsing the body of chunked requests * CVE-2021-37701: nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite * CVE-2021-37712: nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite * CVE-2021-44531: nodejs...
An update for rh-nodejs12-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3918: nodejs-json-schema: Prototype pollution vulnerability * CVE-2021-22959: llhttp: HTTP Request Smuggling due to spaces in headers * CVE-2021-22960: llhttp: HTTP Request Smuggling when parsing the body of chunked requests * CVE-2021-37701: nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links a...
An update for rh-nodejs12-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3918: nodejs-json-schema: Prototype pollution vulnerability * CVE-2021-22959: llhttp: HTTP Request Smuggling due to spaces in headers * CVE-2021-22960: llhttp: HTTP Request Smuggling when parsing the body of chunked requests * CVE-2021-37701: nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links a...
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211240.
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service ...
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allow bypassing the certificate subject verification. Affected versions of Node.js do not accept multi-value Relative Distinguished Names and are thus not vulnerable to such attacks themselves. However, third-party code that uses node's ambiguous presentation of certificate subjects may be vulnerable.
Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype. Node.js >= 12.22.9, >= 14.18.3, >= 16.13.2, and >= 17.3.1 use a null prototype for the object these properties are being assigned to.
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).
The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6.
json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
The parse function in llhttp < 2.1.4 and < 6.0.6 ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.
Vulnerability in the Oracle Database Enterprise Edition Unified Audit component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Local Logon privilege with network access via Oracle Net to compromise Oracle Database Enterprise Edition Unified Audit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database Enterprise Edition Unified Audit accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).
The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created. This logic was insufficient when extracting tar files that contained both a directory and a symlink with the same name as the directory, where the symlink and directory names in the archive entry used backslashes as a path separator on posix systems. The cache checking logic used both `\` and `/` characters as path separators, however `\` is a valid filename character on posix systems. By first creating a directory, and then replacing that directory with a symlink, it was thus possib...
The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created. This logic was insufficient when extracting tar files that contained both a directory and a symlink with names containing unicode values that normalized to the same value. Additionally, on Windows systems, long path portions would resolve to the same file system entities as their 8.3 "short path" counterparts. A specially crafted tar archive could thus include a directory with one form of the path, followed by a symbolic link with a different string that resolves to the same file sy...
Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.