Security
Headlines
HeadlinesLatestCVEs

Tag

#nodejs

RHSA-2022:6890: Red Hat Security Advisory: OpenShift Virtualization 4.8.7 Images bug fixes and security update

Red Hat OpenShift Virtualization release 4.8.7 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1798: kubeVirt: Arbitrary file read on the host from KubeVirt VMs

Red Hat Security Data
Open in Source
#vulnerability#web#mac#linux#red_hat#nodejs#js#java#kubernetes#vmware#aws
GHSA-455w-c45v-86rg: fastify vulnerable to denial of service via malicious Content-Type

### Impact An attacker can send an invalid `Content-Type` header that can cause the application to crash, leading to a possible Denial of Service attack. Only the v4.x line is affected. (This was updated: upon a close inspection, v3.x is not affected after all). ### Patches Yes, update to `> v4.8.0`. ### Workarounds You can reject the malicious content types before the body parser enters in action. ```js const badNames = Object.getOwnPropertyNames({}.__proto__) fastify.addHook('onRequest', async (req, reply) => { for (const badName of badNames) { if (req.headers['content-type'].indexOf(badName) > -1) { reply.code(415) throw new Error('Content type not supported') } } }) ``` ### References See the HackerOne report [#1715536](https://hackerone.com/bugs?report_id=1715536&subject=fastify) ### For more information [Fastify security policy](https://github.com/fastify/fastify/security/policy)

RHSA-2022:6875: Red Hat Security Advisory: kpatch-patch security update

An update is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2588: kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation

Researchers Detail Critical RCE Flaw Reported in Popular vm2 JavaScript Sandbox

A now-patched security flaw in the vm2 JavaScript sandbox module could be abused by a remote adversary to break out of security barriers and perform arbitrary operations on the underlying machine. "A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox," GitHub said in an advisory published on September 28, 2022. The

CVE-2022-37616: xmldom/dom.js at bc36efddf9948aba15618f85dc1addfc2ac9d7b2 · xmldom/xmldom

A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable.

CVE-2022-39288: Deny of service via malicious Content-Type

fastify is a fast and low overhead web framework, for Node.js. Affected versions of fastify are subject to a denial of service via malicious use of the Content-Type header. An attacker can send an invalid Content-Type header that can cause the application to crash. This issue has been addressed in commit `fbb07e8d` and will be included in release version 4.8.1. Users are advised to upgrade. Users unable to upgrade may manually filter out http content with malicious Content-Type headers.

GHSA-pj2c-h76w-vv6f: tiny-csrf has openly visible CSRF tokens

### Impact Weak encryption on CSRF so tokens can be read by malicious attackers. ### Patches Problems have been patched as of v1.1.0 ### Workarounds Upgrade to v1.1.0 ### References https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html ### For more information Submit an issue at [the github repo](https://github.com/valexandersaulys/tiny-csrf)

CVE-2022-39287: Openly visible CSRF tokens in versions prior to v1.1.0

tiny-csrf is a Node.js cross site request forgery (CSRF) protection middleware. In versions prior to 1.1.0 cookies were not encrypted and thus CSRF tokens were transmitted in the clear. This issue has been addressed in commit `8eead6d` and the patch with be included in version 1.1.0. Users are advised to upgrade. There are no known workarounds for this issue.

LofyGang Uses 100s of Malicious NPM Packages to Poison Open Source Software

The group has been operating for over a year, promoting their tools in hacking forums, stealing credit card information, and using typosquatting techniques to target open source software flaws.

Red Hat Security Advisory 2022-6834-01

Red Hat Security Advisory 2022-6834-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.