CVE-2020-7598 (GCVE-0-2020-7598)
Vulnerability from cvelistv5 – Published: 2020-03-11 21:40 – Updated: 2024-08-04 09:33
Prototype Pollution
| URL | Tags |
|---|---|
| https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 | x_refsource_MISC |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-MINIMIST-559764"
},
{
"name": "openSUSE-SU-2020:0802",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "minimist",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 1.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a \"constructor\" or \"__proto__\" payload."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Prototype Pollution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-13T09:11:57.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-MINIMIST-559764"
},
{
"name": "openSUSE-SU-2020:0802",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2020-7598",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "minimist",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 1.2.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a \"constructor\" or \"__proto__\" payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Prototype Pollution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JS-MINIMIST-559764",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-MINIMIST-559764"
},
{
"name": "openSUSE-SU-2020:0802",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7598",
"datePublished": "2020-03-11T21:40:09.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:19.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-7598",
"date": "2026-05-30",
"epss": "0.00195",
"percentile": "0.41219"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-7598\",\"sourceIdentifier\":\"report@snyk.io\",\"published\":\"2020-03-11T23:15:11.917\",\"lastModified\":\"2024-11-21T05:37:26.900\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a \\\"constructor\\\" or \\\"__proto__\\\" payload.\"},{\"lang\":\"es\",\"value\":\"minimist versiones anteriores a la versi\u00f3n 1.2.2, podr\u00eda ser enga\u00f1ado para agregar o modificar propiedades de Object.prototype usando una carga \u00fatil de \\\"constructor\\\" o \\\"__proto__\\\".\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":5.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.2,\"impactScore\":3.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1321\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"
criteria\":\"cpe:2.3:a:substack:minimist:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"1.2.2\",\"matchCriteriaId\":\"54AD34BD-D7C7-49BD-9E8F-9BCEF70349AA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html\",\"source\":\"report@snyk.io\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JS-MINIMIST-559764\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JS-MINIMIST-559764\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
CERTFR-2025-AVI-0170
Vulnerability from certfr_avis - Published: 2025-02-28 - Updated: 2025-02-28
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antérieures à 12.2.4 IF4 | ||
| IBM | QRadar | QRadar Data Synchronization versions antérieures à 3.2.1 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.1.x antérieures à 6.1.0.1 iFix 02 | ||
| IBM | WebSphere | WebSphere Application Server versions 9.0.x sans le correctif de sécurité temporaire PH16353 ou antérieures à 9.0.5.2 | ||
| IBM | Sterling | Sterling External Authentication Server versions 6.1.x antérieures à 6.1.0.2 iFix 02 | ||
| IBM | Cognos Dashboards | Cognos Dashboards on Cloud Pak for Data versions 4.x sans le dernier correctif de sécurité | ||
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antérieures à 12.0.4 IF2 | ||
| IBM | Sterling | Sterling External Authentication Server versions 6.0.x antérieures à 6.0.3.1 iFix 02 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.2.x antérieures à 6.2.0.1 iFix 01 | ||
| IBM | Cognos Dashboards | Cognos Dashboards on Cloud Pak for Data versions 5.x antérieures à 5.1 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 12.2.4 IF4",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Data Synchronization versions ant\u00e9rieures \u00e0 3.2.1",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.1 iFix 02",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 9.0.x sans le correctif de s\u00e9curit\u00e9 temporaire PH16353 ou ant\u00e9rieures \u00e0 9.0.5.2",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling External Authentication Server versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.2 iFix 02",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Dashboards on Cloud Pak for Data versions 4.x sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Cognos Dashboards",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 IF2",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling External Authentication Server versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.1 iFix 02",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.1 iFix 01",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Dashboards on Cloud Pak for Data versions 5.x ant\u00e9rieures \u00e0 5.1",
"product": {
"name": "Cognos Dashboards",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-21536",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21536"
},
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2023-35946",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35946"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2015-7450",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7450"
},
{
"name": "CVE-2022-48554",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48554"
},
{
"name": "CVE-2018-19797",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19797"
},
{
"name": "CVE-2023-28523",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28523"
},
{
"name": "CVE-2021-27290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27290"
},
{
"name": "CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"name": "CVE-2023-31124",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31124"
},
{
"name": "CVE-2024-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
},
{
"name": "CVE-2023-23936",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23936"
},
{
"name": "CVE-2018-19827",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19827"
},
{
"name": "CVE-2018-11694",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11694"
},
{
"name": "CVE-2024-39331",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39331"
},
{
"name": "CVE-2022-4904",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4904"
},
{
"name": "CVE-2023-32067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
},
{
"name": "CVE-2024-47561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
},
{
"name": "CVE-2024-30205",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30205"
},
{
"name": "CVE-2024-40094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40094"
},
{
"name": "CVE-2023-24807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24807"
},
{
"name": "CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2024-30203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30203"
},
{
"name": "CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"name": "CVE-2024-43796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
},
{
"name": "CVE-2024-10917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10917"
},
{
"name": "CVE-2021-35065",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35065"
},
{
"name": "CVE-2023-23920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
},
{
"name": "CVE-2022-24999",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
},
{
"name": "CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"name": "CVE-2023-31147",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31147"
},
{
"name": "CVE-2024-47764",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47764"
},
{
"name": "CVE-2023-23918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
},
{
"name": "CVE-2024-56340",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56340"
},
{
"name": "CVE-2024-48948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48948"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2024-45216",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45216"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2023-28527",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28527"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2019-6286",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6286"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2018-19839",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19839"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2024-45217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45217"
},
{
"name": "CVE-2024-38999",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38999"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2018-20821",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20821"
},
{
"name": "CVE-2019-6283",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6283"
},
{
"name": "CVE-2023-35947",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35947"
},
{
"name": "CVE-2022-25881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2023-23919",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23919"
},
{
"name": "CVE-2024-43800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2024-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30204"
},
{
"name": "CVE-2018-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20190"
},
{
"name": "CVE-2023-28526",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28526"
},
{
"name": "CVE-2023-28155",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28155"
},
{
"name": "CVE-2018-11698",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11698"
},
{
"name": "CVE-2025-0823",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0823"
},
{
"name": "CVE-2023-26136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
},
{
"name": "CVE-2023-31130",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31130"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2024-27267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
},
{
"name": "CVE-2020-7598",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7598"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
}
],
"initial_release_date": "2025-02-28T00:00:00",
"last_revision_date": "2025-02-28T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0170",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-02-28T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-02-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7183676",
"url": "https://www.ibm.com/support/pages/node/7183676"
},
{
"published_at": "2019-11-14",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 1107105",
"url": "https://www.ibm.com/support/pages/node/1107105"
},
{
"published_at": "2025-02-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7184475",
"url": "https://www.ibm.com/support/pages/node/7184475"
},
{
"published_at": "2025-02-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7184474",
"url": "https://www.ibm.com/support/pages/node/7184474"
},
{
"published_at": "2025-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7184092",
"url": "https://www.ibm.com/support/pages/node/7184092"
},
{
"published_at": "2025-02-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7184217",
"url": "https://www.ibm.com/support/pages/node/7184217"
},
{
"published_at": "2025-02-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7184476",
"url": "https://www.ibm.com/support/pages/node/7184476"
}
]
}
厂商已发布了漏洞修复程序,请及时关注更新: https://github.com/substack/minimist
| Name | minimist minimist <1.2.2 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2020-7598"
}
},
"description": "minimist\u662f\u4e00\u6b3e\u547d\u4ee4\u884c\u53c2\u6570\u89e3\u6790\u5de5\u5177\u3002\n\nminimist\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u7528\u201c\u6784\u9020\u51fd\u6570\u201d\u6216\u201c __proto__\u201d\u6709\u6548\u8d1f\u8f7d\u6765\u6dfb\u52a0\u6216\u4fee\u6539Object.prototype\u7684\u5c5e\u6027\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/substack/minimist",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2020-19556",
"openTime": "2020-03-26",
"patchDescription": "minimist\u662f\u4e00\u6b3e\u547d\u4ee4\u884c\u53c2\u6570\u89e3\u6790\u5de5\u5177\u3002\r\n\r\nminimist\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u7528\u201c\u6784\u9020\u51fd\u6570\u201d\u6216\u201c __proto__\u201d\u6709\u6548\u8d1f\u8f7d\u6765\u6dfb\u52a0\u6216\u4fee\u6539Object.prototype\u7684\u5c5e\u6027\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "minimist\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "minimist minimist \u003c1.2.2"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-7598\r\nhttps://snyk.io/vuln/SNYK-JS-MINIMIST-559764",
"serverity": "\u9ad8",
"submitTime": "2020-03-12",
"title": "minimist\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}
FKIE_CVE-2020-7598
Vulnerability from fkie_nvd - Published: 2020-03-11 23:15 - Updated: 2024-11-21 05:37
| Source | URL | Tags | |
|---|---|---|---|
| report@snyk.io | http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html | Mailing List, Third Party Advisory | |
| report@snyk.io | https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 | Exploit, Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:substack:minimist:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "54AD34BD-D7C7-49BD-9E8F-9BCEF70349AA",
"versionEndExcluding": "1.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a \"constructor\" or \"__proto__\" payload."
},
{
"lang": "es",
"value": "minimist versiones anteriores a la versi\u00f3n 1.2.2, podr\u00eda ser enga\u00f1ado para agregar o modificar propiedades de Object.prototype usando una carga \u00fatil de \"constructor\" o \"__proto__\"."
}
],
"id": "CVE-2020-7598",
"lastModified": "2024-11-21T05:37:26.900",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-11T23:15:11.917",
"references": [
{
"source": "report@snyk.io",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html"
},
{
"source": "report@snyk.io",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JS-MINIMIST-559764"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JS-MINIMIST-559764"
}
],
"sourceIdentifier": "report@snyk.io",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1321"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-VH95-RMGR-6W4M
Vulnerability from github – Published: 2020-04-03 21:48 – Updated: 2024-02-13 20:00
Affected versions of minimist are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of Object, causing the addition or modification of an existing property that will exist on all objects.
Parsing the argument --__proto__.y=Polluted adds a y property with value Polluted to all objects. The argument --__proto__=Polluted raises an uncaught error and crashes the application.
This is exploitable if attackers have control over the arguments being passed to minimist.
Recommendation
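Upgrade to version 0.2.1 (for the 0.x line), 1.2.3 (for the 1.x line), or later. Note that the CVE and NVD records on this page give 1.2.2 as the first fixed 1.x version, so the sources differ on that boundary.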
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "minimist"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.2.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "minimist"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.0"
},
{
"fixed": "1.2.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-7598"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2020-04-03T21:42:08Z",
"nvd_published_at": "2020-03-11T23:15:00Z",
"severity": "MODERATE"
},
"details": "Affected versions of `minimist` are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of `Object`, causing the addition or modification of an existing property that will exist on all objects. \nParsing the argument `--__proto__.y=Polluted` adds a `y` property with value `Polluted` to all objects. The argument `--__proto__=Polluted` raises and uncaught error and crashes the application. \nThis is exploitable if attackers have control over the arguments being passed to `minimist`.\n\n\n## Recommendation\n\nUpgrade to versions 0.2.1, 1.2.3 or later.",
"id": "GHSA-vh95-rmgr-6w4m",
"modified": "2024-02-13T20:00:13Z",
"published": "2020-04-03T21:48:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7598"
},
{
"type": "WEB",
"url": "https://github.com/minimistjs/minimist/commit/10bd4cdf49d9686d48214be9d579a9cdfda37c68"
},
{
"type": "WEB",
"url": "https://github.com/minimistjs/minimist/commit/38a4d1caead72ef99e824bb420a2528eec03d9ab"
},
{
"type": "WEB",
"url": "https://github.com/minimistjs/minimist/commit/4cf1354839cb972e38496d35e12f806eea92c11f#diff-a1e0ee62c91705696ddb71aa30ad4f95"
},
{
"type": "WEB",
"url": "https://github.com/minimistjs/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94"
},
{
"type": "PACKAGE",
"url": "https://github.com/substack/minimist"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JS-MINIMIST-559764"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/1179"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Prototype Pollution in minimist"
}
GSD-2020-7598
Vulnerability from gsd - Updated: 2023-12-13 01:21
{
"GSD": {
"alias": "CVE-2020-7598",
"description": "minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a \"constructor\" or \"__proto__\" payload.",
"id": "GSD-2020-7598",
"references": [
"https://www.suse.com/security/cve/CVE-2020-7598.html",
"https://access.redhat.com/errata/RHSA-2021:2643",
"https://access.redhat.com/errata/RHSA-2020:4298",
"https://access.redhat.com/errata/RHSA-2020:3247",
"https://access.redhat.com/errata/RHSA-2020:3084",
"https://access.redhat.com/errata/RHSA-2020:3042",
"https://access.redhat.com/errata/RHSA-2020:2992",
"https://access.redhat.com/errata/RHSA-2020:2895",
"https://access.redhat.com/errata/RHSA-2020:2852",
"https://access.redhat.com/errata/RHSA-2020:2849",
"https://access.redhat.com/errata/RHSA-2020:2848",
"https://access.redhat.com/errata/RHSA-2020:2847",
"https://access.redhat.com/errata/RHSA-2020:2362",
"https://linux.oracle.com/cve/CVE-2020-7598.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-7598"
],
"details": "minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a \"constructor\" or \"__proto__\" payload.",
"id": "GSD-2020-7598",
"modified": "2023-12-13T01:21:51.952520Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2020-7598",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "minimist",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 1.2.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a \"constructor\" or \"__proto__\" payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Prototype Pollution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JS-MINIMIST-559764",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-MINIMIST-559764"
},
{
"name": "openSUSE-SU-2020:0802",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c1.2.2",
"affected_versions": "All versions before 1.2.2",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-20",
"CWE-937"
],
"date": "2021-07-21",
"description": "minimist could be tricked into adding or modifying properties of `Object.prototype` using a `constructor` or `__proto__` payload.",
"fixed_versions": [
"1.2.2"
],
"identifier": "CVE-2020-7598",
"identifiers": [
"CVE-2020-7598"
],
"not_impacted": "All versions starting from 1.2.2",
"package_slug": "npm/minimist",
"pubdate": "2020-03-11",
"solution": "Upgrade to version 1.2.2 or above.",
"title": "Improper Input Validation",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-7598"
],
"uuid": "53e8766c-27eb-4278-8c4f-3dcef53a68bf"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:substack:minimist:*:*:*:*:*:node.js:*:*",
"cpe_name": [],
"versionEndExcluding": "1.2.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2020-7598"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a \"constructor\" or \"__proto__\" payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-1321"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JS-MINIMIST-559764",
"refsource": "MISC",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JS-MINIMIST-559764"
},
{
"name": "openSUSE-SU-2020:0802",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4
}
},
"lastModifiedDate": "2022-04-22T19:02Z",
"publishedDate": "2020-03-11T23:15Z"
}
}
}
OPENSUSE-SU-2020:0802-1
Vulnerability from csaf_opensuse - Published: 2020-06-12 18:17 - Updated: 2020-06-12 18:17
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-8.17.0-lp151.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-8.17.0-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-devel-8.17.0-lp151.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-devel-8.17.0-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-docs-8.17.0-lp151.2.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:npm8-8.17.0-lp151.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:npm8-8.17.0-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-8.17.0-lp151.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-8.17.0-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-devel-8.17.0-lp151.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-devel-8.17.0-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-docs-8.17.0-lp151.2.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:npm8-8.17.0-lp151.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:npm8-8.17.0-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-8.17.0-lp151.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-8.17.0-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-devel-8.17.0-lp151.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-devel-8.17.0-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-docs-8.17.0-lp151.2.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:npm8-8.17.0-lp151.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:npm8-8.17.0-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nodejs8",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nodejs8 fixes the following issues:\n\n- CVE-2020-8174: Fixed multiple memory corruption in napi_get_value_string_*() (bsc#1172443).\n- CVE-2020-11080: Fixed a potential denial of service when receiving unreasonably large HTTP/2 SETTINGS frames (bsc#1172442). \n- CVE-2020-7598: Fixed an issue which could have tricked minimist into adding or modifying \n properties of Object.prototype (bsc#1166916).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-802",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0802-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:0802-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RQM2VNI6BXE7OOJSD4OI2KDH2ZTRUUCD/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:0802-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RQM2VNI6BXE7OOJSD4OI2KDH2ZTRUUCD/"
},
{
"category": "self",
"summary": "SUSE Bug 1166916",
"url": "https://bugzilla.suse.com/1166916"
},
{
"category": "self",
"summary": "SUSE Bug 1172442",
"url": "https://bugzilla.suse.com/1172442"
},
{
"category": "self",
"summary": "SUSE Bug 1172443",
"url": "https://bugzilla.suse.com/1172443"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11080 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-7598 page",
"url": "https://www.suse.com/security/cve/CVE-2020-7598/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8174 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8174/"
}
],
"title": "Security update for nodejs8",
"tracking": {
"current_release_date": "2020-06-12T18:17:49Z",
"generator": {
"date": "2020-06-12T18:17:49Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:0802-1",
"initial_release_date": "2020-06-12T18:17:49Z",
"revision_history": [
{
"date": "2020-06-12T18:17:49Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "nodejs8-8.17.0-lp151.2.15.1.i586",
"product": {
"name": "nodejs8-8.17.0-lp151.2.15.1.i586",
"product_id": "nodejs8-8.17.0-lp151.2.15.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs8-devel-8.17.0-lp151.2.15.1.i586",
"product": {
"name": "nodejs8-devel-8.17.0-lp151.2.15.1.i586",
"product_id": "nodejs8-devel-8.17.0-lp151.2.15.1.i586"
}
},
{
"category": "product_version",
"name": "npm8-8.17.0-lp151.2.15.1.i586",
"product": {
"name": "npm8-8.17.0-lp151.2.15.1.i586",
"product_id": "npm8-8.17.0-lp151.2.15.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs8-docs-8.17.0-lp151.2.15.1.noarch",
"product": {
"name": "nodejs8-docs-8.17.0-lp151.2.15.1.noarch",
"product_id": "nodejs8-docs-8.17.0-lp151.2.15.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs8-8.17.0-lp151.2.15.1.x86_64",
"product": {
"name": "nodejs8-8.17.0-lp151.2.15.1.x86_64",
"product_id": "nodejs8-8.17.0-lp151.2.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs8-devel-8.17.0-lp151.2.15.1.x86_64",
"product": {
"name": "nodejs8-devel-8.17.0-lp151.2.15.1.x86_64",
"product_id": "nodejs8-devel-8.17.0-lp151.2.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "npm8-8.17.0-lp151.2.15.1.x86_64",
"product": {
"name": "npm8-8.17.0-lp151.2.15.1.x86_64",
"product_id": "npm8-8.17.0-lp151.2.15.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs8-8.17.0-lp151.2.15.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:nodejs8-8.17.0-lp151.2.15.1.i586"
},
"product_reference": "nodejs8-8.17.0-lp151.2.15.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs8-8.17.0-lp151.2.15.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:nodejs8-8.17.0-lp151.2.15.1.x86_64"
},
"product_reference": "nodejs8-8.17.0-lp151.2.15.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs8-devel-8.17.0-lp151.2.15.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:nodejs8-devel-8.17.0-lp151.2.15.1.i586"
},
"product_reference": "nodejs8-devel-8.17.0-lp151.2.15.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs8-devel-8.17.0-lp151.2.15.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:nodejs8-devel-8.17.0-lp151.2.15.1.x86_64"
},
"product_reference": "nodejs8-devel-8.17.0-lp151.2.15.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs8-docs-8.17.0-lp151.2.15.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:nodejs8-docs-8.17.0-lp151.2.15.1.noarch"
},
"product_reference": "nodejs8-docs-8.17.0-lp151.2.15.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm8-8.17.0-lp151.2.15.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:npm8-8.17.0-lp151.2.15.1.i586"
},
"product_reference": "npm8-8.17.0-lp151.2.15.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm8-8.17.0-lp151.2.15.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:npm8-8.17.0-lp151.2.15.1.x86_64"
},
"product_reference": "npm8-8.17.0-lp151.2.15.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-11080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11080"
}
],
"notes": [
{
"category": "general",
"text": "In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., \u003e 32), then drop the connection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:nodejs8-8.17.0-lp151.2.15.1.i586",
"openSUSE Leap 15.1:nodejs8-8.17.0-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:nodejs8-devel-8.17.0-lp151.2.15.1.i586",
"openSUSE Leap 15.1:nodejs8-devel-8.17.0-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:nodejs8-docs-8.17.0-lp151.2.15.1.noarch",
"openSUSE Leap 15.1:npm8-8.17.0-lp151.2.15.1.i586",
"openSUSE Leap 15.1:npm8-8.17.0-lp151.2.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11080",
"url": "https://www.suse.com/security/cve/CVE-2020-11080"
},
{
"category": "external",
"summary": "SUSE Bug 1172441 for CVE-2020-11080",
"url": "https://bugzilla.suse.com/1172441"
},
{
"category": "external",
"summary": "SUSE Bug 1172442 for CVE-2020-11080",
"url": "https://bugzilla.suse.com/1172442"
},
{
"category": "external",
"summary": "SUSE Bug 1181358 for CVE-2020-11080",
"url": "https://bugzilla.suse.com/1181358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:nodejs8-8.17.0-lp151.2.15.1.i586",
"openSUSE Leap 15.1:nodejs8-8.17.0-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:nodejs8-devel-8.17.0-lp151.2.15.1.i586",
"openSUSE Leap 15.1:nodejs8-devel-8.17.0-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:nodejs8-docs-8.17.0-lp151.2.15.1.noarch",
"openSUSE Leap 15.1:npm8-8.17.0-lp151.2.15.1.i586",
"openSUSE Leap 15.1:npm8-8.17.0-lp151.2.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:nodejs8-8.17.0-lp151.2.15.1.i586",
"openSUSE Leap 15.1:nodejs8-8.17.0-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:nodejs8-devel-8.17.0-lp151.2.15.1.i586",
"openSUSE Leap 15.1:nodejs8-devel-8.17.0-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:nodejs8-docs-8.17.0-lp151.2.15.1.noarch",
"openSUSE Leap 15.1:npm8-8.17.0-lp151.2.15.1.i586",
"openSUSE Leap 15.1:npm8-8.17.0-lp151.2.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-12T18:17:49Z",
"details": "important"
}
],
"title": "CVE-2020-11080"
},
{
"cve": "CVE-2020-7598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-7598"
}
],
"notes": [
{
"category": "general",
"text": "minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a \"constructor\" or \"__proto__\" payload.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:nodejs8-8.17.0-lp151.2.15.1.i586",
"openSUSE Leap 15.1:nodejs8-8.17.0-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:nodejs8-devel-8.17.0-lp151.2.15.1.i586",
"openSUSE Leap 15.1:nodejs8-devel-8.17.0-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:nodejs8-docs-8.17.0-lp151.2.15.1.noarch",
"openSUSE Leap 15.1:npm8-8.17.0-lp151.2.15.1.i586",
"openSUSE Leap 15.1:npm8-8.17.0-lp151.2.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-7598",
"url": "https://www.suse.com/security/cve/CVE-2020-7598"
},
{
"category": "external",
"summary": "SUSE Bug 1166916 for CVE-2020-7598",
"url": "https://bugzilla.suse.com/1166916"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:nodejs8-8.17.0-lp151.2.15.1.i586",
"openSUSE Leap 15.1:nodejs8-8.17.0-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:nodejs8-devel-8.17.0-lp151.2.15.1.i586",
"openSUSE Leap 15.1:nodejs8-devel-8.17.0-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:nodejs8-docs-8.17.0-lp151.2.15.1.noarch",
"openSUSE Leap 15.1:npm8-8.17.0-lp151.2.15.1.i586",
"openSUSE Leap 15.1:npm8-8.17.0-lp151.2.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:nodejs8-8.17.0-lp151.2.15.1.i586",
"openSUSE Leap 15.1:nodejs8-8.17.0-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:nodejs8-devel-8.17.0-lp151.2.15.1.i586",
"openSUSE Leap 15.1:nodejs8-devel-8.17.0-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:nodejs8-docs-8.17.0-lp151.2.15.1.noarch",
"openSUSE Leap 15.1:npm8-8.17.0-lp151.2.15.1.i586",
"openSUSE Leap 15.1:npm8-8.17.0-lp151.2.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-12T18:17:49Z",
"details": "important"
}
],
"title": "CVE-2020-7598"
},
{
"cve": "CVE-2020-8174",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8174"
}
],
"notes": [
{
"category": "general",
"text": "napi_get_value_string_*() allows various kinds of memory corruption in node \u003c 10.21.0, 12.18.0, and \u003c 14.4.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:nodejs8-8.17.0-lp151.2.15.1.i586",
"openSUSE Leap 15.1:nodejs8-8.17.0-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:nodejs8-devel-8.17.0-lp151.2.15.1.i586",
"openSUSE Leap 15.1:nodejs8-devel-8.17.0-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:nodejs8-docs-8.17.0-lp151.2.15.1.noarch",
"openSUSE Leap 15.1:npm8-8.17.0-lp151.2.15.1.i586",
"openSUSE Leap 15.1:npm8-8.17.0-lp151.2.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8174",
"url": "https://www.suse.com/security/cve/CVE-2020-8174"
},
{
"category": "external",
"summary": "SUSE Bug 1172443 for CVE-2020-8174",
"url": "https://bugzilla.suse.com/1172443"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:nodejs8-8.17.0-lp151.2.15.1.i586",
"openSUSE Leap 15.1:nodejs8-8.17.0-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:nodejs8-devel-8.17.0-lp151.2.15.1.i586",
"openSUSE Leap 15.1:nodejs8-devel-8.17.0-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:nodejs8-docs-8.17.0-lp151.2.15.1.noarch",
"openSUSE Leap 15.1:npm8-8.17.0-lp151.2.15.1.i586",
"openSUSE Leap 15.1:npm8-8.17.0-lp151.2.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:nodejs8-8.17.0-lp151.2.15.1.i586",
"openSUSE Leap 15.1:nodejs8-8.17.0-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:nodejs8-devel-8.17.0-lp151.2.15.1.i586",
"openSUSE Leap 15.1:nodejs8-devel-8.17.0-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:nodejs8-docs-8.17.0-lp151.2.15.1.noarch",
"openSUSE Leap 15.1:npm8-8.17.0-lp151.2.15.1.i586",
"openSUSE Leap 15.1:npm8-8.17.0-lp151.2.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-12T18:17:49Z",
"details": "critical"
}
],
"title": "CVE-2020-8174"
}
]
}
RHSA-2020:2362
Vulnerability from csaf_redhat - Published: 2020-06-02 15:34 - Updated: 2026-05-14 22:25
A Prototype Pollution vulnerability was found in lodash. Calling certain methods with untrusted JSON could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSSM-1.0:jaeger-0:v1.13.1.redhat7-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSSM-1.0:jaeger-0:v1.13.1.redhat7-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSSM-1.0:kiali-0:v1.0.11.redhat1-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSSM-1.0:kiali-0:v1.0.11.redhat1-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-1.0:servicemesh-grafana-0:6.2.2-36.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-1.0:servicemesh-grafana-0:6.2.2-36.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-1.0:servicemesh-grafana-prometheus-0:6.2.2-36.el8.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in nodejs-minimist, where it was tricked into adding or modifying properties of the Object.prototype using a "constructor" or "__proto__" payload. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSSM-1.0:jaeger-0:v1.13.1.redhat7-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSSM-1.0:jaeger-0:v1.13.1.redhat7-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSSM-1.0:kiali-0:v1.0.11.redhat1-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSSM-1.0:kiali-0:v1.0.11.redhat1-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-1.0:servicemesh-grafana-0:6.2.2-36.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-1.0:servicemesh-grafana-0:6.2.2-36.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-1.0:servicemesh-grafana-prometheus-0:6.2.2-36.el8.x86_64 | — |
Vendor Fix
fix
|
A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSSM-1.0:jaeger-0:v1.13.1.redhat7-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSSM-1.0:jaeger-0:v1.13.1.redhat7-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSSM-1.0:kiali-0:v1.0.11.redhat1-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSSM-1.0:kiali-0:v1.0.11.redhat1-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-1.0:servicemesh-grafana-0:6.2.2-36.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-1.0:servicemesh-grafana-0:6.2.2-36.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-1.0:servicemesh-grafana-prometheus-0:6.2.2-36.el8.x86_64 | — |
Vendor Fix
fix
|
An information-disclosure flaw was found in Grafana distributed by Red Hat. This flaw allows a local attacker access to potentially sensitive information such as secret_key and a bind_password from the world-readable files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSSM-1.0:jaeger-0:v1.13.1.redhat7-1.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-RHOSSM-1.0:jaeger-0:v1.13.1.redhat7-1.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-RHOSSM-1.0:kiali-0:v1.0.11.redhat1-1.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-RHOSSM-1.0:kiali-0:v1.0.11.redhat1-1.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-1.0:servicemesh-grafana-0:6.2.2-36.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-1.0:servicemesh-grafana-0:6.2.2-36.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-1.0:servicemesh-grafana-prometheus-0:6.2.2-36.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for jaeger, kiali, and servicemesh-grafana is now available for OpenShift Service Mesh 1.0.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh is Red Hat\u0027s distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.\n\nSecurity Fix(es):\n\n* nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties (CVE-2019-10744)\n\n* nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload (CVE-2020-7598)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* grafana: information disclosure through world-readable grafana configuration files (CVE-2020-12459)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:2362",
"url": "https://access.redhat.com/errata/RHSA-2020:2362"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1739497",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1739497"
},
{
"category": "external",
"summary": "1813344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1813344"
},
{
"category": "external",
"summary": "1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "1829724",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1829724"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_2362.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh security update",
"tracking": {
"current_release_date": "2026-05-14T22:25:27+00:00",
"generator": {
"date": "2026-05-14T22:25:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2020:2362",
"initial_release_date": "2020-06-02T15:34:01+00:00",
"revision_history": [
{
"date": "2020-06-02T15:34:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-06-02T15:34:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:25:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 1.0",
"product": {
"name": "Red Hat OpenShift Service Mesh 1.0",
"product_id": "7Server-RH7-RHOSSM-1.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:1.0::el7"
}
}
},
{
"category": "product_name",
"name": "OpenShift Service Mesh 1.0",
"product": {
"name": "OpenShift Service Mesh 1.0",
"product_id": "8Base-OSSM-1.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:1.0::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "jaeger-0:v1.13.1.redhat7-1.el7.x86_64",
"product": {
"name": "jaeger-0:v1.13.1.redhat7-1.el7.x86_64",
"product_id": "jaeger-0:v1.13.1.redhat7-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jaeger@v1.13.1.redhat7-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kiali-0:v1.0.11.redhat1-1.el7.x86_64",
"product": {
"name": "kiali-0:v1.0.11.redhat1-1.el7.x86_64",
"product_id": "kiali-0:v1.0.11.redhat1-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kiali@v1.0.11.redhat1-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "servicemesh-grafana-0:6.2.2-36.el8.x86_64",
"product": {
"name": "servicemesh-grafana-0:6.2.2-36.el8.x86_64",
"product_id": "servicemesh-grafana-0:6.2.2-36.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-grafana@6.2.2-36.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "servicemesh-grafana-prometheus-0:6.2.2-36.el8.x86_64",
"product": {
"name": "servicemesh-grafana-prometheus-0:6.2.2-36.el8.x86_64",
"product_id": "servicemesh-grafana-prometheus-0:6.2.2-36.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-grafana-prometheus@6.2.2-36.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "jaeger-0:v1.13.1.redhat7-1.el7.src",
"product": {
"name": "jaeger-0:v1.13.1.redhat7-1.el7.src",
"product_id": "jaeger-0:v1.13.1.redhat7-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jaeger@v1.13.1.redhat7-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "kiali-0:v1.0.11.redhat1-1.el7.src",
"product": {
"name": "kiali-0:v1.0.11.redhat1-1.el7.src",
"product_id": "kiali-0:v1.0.11.redhat1-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kiali@v1.0.11.redhat1-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "servicemesh-grafana-0:6.2.2-36.el8.src",
"product": {
"name": "servicemesh-grafana-0:6.2.2-36.el8.src",
"product_id": "servicemesh-grafana-0:6.2.2-36.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-grafana@6.2.2-36.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jaeger-0:v1.13.1.redhat7-1.el7.src as a component of Red Hat OpenShift Service Mesh 1.0",
"product_id": "7Server-RH7-RHOSSM-1.0:jaeger-0:v1.13.1.redhat7-1.el7.src"
},
"product_reference": "jaeger-0:v1.13.1.redhat7-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSSM-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jaeger-0:v1.13.1.redhat7-1.el7.x86_64 as a component of Red Hat OpenShift Service Mesh 1.0",
"product_id": "7Server-RH7-RHOSSM-1.0:jaeger-0:v1.13.1.redhat7-1.el7.x86_64"
},
"product_reference": "jaeger-0:v1.13.1.redhat7-1.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSSM-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kiali-0:v1.0.11.redhat1-1.el7.src as a component of Red Hat OpenShift Service Mesh 1.0",
"product_id": "7Server-RH7-RHOSSM-1.0:kiali-0:v1.0.11.redhat1-1.el7.src"
},
"product_reference": "kiali-0:v1.0.11.redhat1-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSSM-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kiali-0:v1.0.11.redhat1-1.el7.x86_64 as a component of Red Hat OpenShift Service Mesh 1.0",
"product_id": "7Server-RH7-RHOSSM-1.0:kiali-0:v1.0.11.redhat1-1.el7.x86_64"
},
"product_reference": "kiali-0:v1.0.11.redhat1-1.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSSM-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-grafana-0:6.2.2-36.el8.src as a component of OpenShift Service Mesh 1.0",
"product_id": "8Base-OSSM-1.0:servicemesh-grafana-0:6.2.2-36.el8.src"
},
"product_reference": "servicemesh-grafana-0:6.2.2-36.el8.src",
"relates_to_product_reference": "8Base-OSSM-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-grafana-0:6.2.2-36.el8.x86_64 as a component of OpenShift Service Mesh 1.0",
"product_id": "8Base-OSSM-1.0:servicemesh-grafana-0:6.2.2-36.el8.x86_64"
},
"product_reference": "servicemesh-grafana-0:6.2.2-36.el8.x86_64",
"relates_to_product_reference": "8Base-OSSM-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-grafana-prometheus-0:6.2.2-36.el8.x86_64 as a component of OpenShift Service Mesh 1.0",
"product_id": "8Base-OSSM-1.0:servicemesh-grafana-prometheus-0:6.2.2-36.el8.x86_64"
},
"product_reference": "servicemesh-grafana-prometheus-0:6.2.2-36.el8.x86_64",
"relates_to_product_reference": "8Base-OSSM-1.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-10744",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-07-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1739497"
}
],
"notes": [
{
"category": "description",
"text": "A Prototype Pollution vulnerability was found in lodash. Calling certain methods with untrusted JSON could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The lodash dependency is included in OpenShift Container Platform (OCP) by Kibana in the aggregated logging stack. Elastic have issued a security advisory (ESA-2019-10) for Kibana for this vulnerability, and in that advisory stated that no exploit vectors had been identified in Kibana. Therefore we rate this issue as moderate for OCP and may fix this issue in a future release.\n\nhttps://www.elastic.co/community/security\n\nThis issue did not affect the versions of rh-nodejs8-nodejs and rh-nodejs10-nodejs as shipped with Red Hat Software Collections.\n\nWhilst a vulnerable version of lodash has been included in ServiceMesh, the impact is lowered to Moderate because the library is not directly accessible, which increases the attack complexity, and because the attacker would need some existing access, meaning the vulnerability does not cross a privilege boundary.\n\nRed Hat Quay imports lodash as a runtime dependency of restangular. The restangular functions in use by Red Hat Quay do not use lodash to parse user input. This issue is therefore rated moderate impact for Red Hat Quay.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSSM-1.0:jaeger-0:v1.13.1.redhat7-1.el7.src",
"7Server-RH7-RHOSSM-1.0:jaeger-0:v1.13.1.redhat7-1.el7.x86_64",
"7Server-RH7-RHOSSM-1.0:kiali-0:v1.0.11.redhat1-1.el7.src",
"7Server-RH7-RHOSSM-1.0:kiali-0:v1.0.11.redhat1-1.el7.x86_64",
"8Base-OSSM-1.0:servicemesh-grafana-0:6.2.2-36.el8.src",
"8Base-OSSM-1.0:servicemesh-grafana-0:6.2.2-36.el8.x86_64",
"8Base-OSSM-1.0:servicemesh-grafana-prometheus-0:6.2.2-36.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10744"
},
{
"category": "external",
"summary": "RHBZ#1739497",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1739497"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10744",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10744"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10744",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10744"
}
],
"release_date": "2019-08-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-06-02T15:34:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOSSM-1.0:jaeger-0:v1.13.1.redhat7-1.el7.src",
"7Server-RH7-RHOSSM-1.0:jaeger-0:v1.13.1.redhat7-1.el7.x86_64",
"7Server-RH7-RHOSSM-1.0:kiali-0:v1.0.11.redhat1-1.el7.src",
"7Server-RH7-RHOSSM-1.0:kiali-0:v1.0.11.redhat1-1.el7.x86_64",
"8Base-OSSM-1.0:servicemesh-grafana-0:6.2.2-36.el8.src",
"8Base-OSSM-1.0:servicemesh-grafana-0:6.2.2-36.el8.x86_64",
"8Base-OSSM-1.0:servicemesh-grafana-prometheus-0:6.2.2-36.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2362"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOSSM-1.0:jaeger-0:v1.13.1.redhat7-1.el7.src",
"7Server-RH7-RHOSSM-1.0:jaeger-0:v1.13.1.redhat7-1.el7.x86_64",
"7Server-RH7-RHOSSM-1.0:kiali-0:v1.0.11.redhat1-1.el7.src",
"7Server-RH7-RHOSSM-1.0:kiali-0:v1.0.11.redhat1-1.el7.x86_64",
"8Base-OSSM-1.0:servicemesh-grafana-0:6.2.2-36.el8.src",
"8Base-OSSM-1.0:servicemesh-grafana-0:6.2.2-36.el8.x86_64",
"8Base-OSSM-1.0:servicemesh-grafana-prometheus-0:6.2.2-36.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties"
},
{
"cve": "CVE-2020-7598",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-03-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1813344"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-minimist, where it was tricked into adding or modifying properties of the Object.prototype using a \"constructor\" or \"__proto__\" payload. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Quay only includes minimist as a dependency of the test suites, and does not include it in the product. We may fix this issue in a future Red Hat Quay release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSSM-1.0:jaeger-0:v1.13.1.redhat7-1.el7.src",
"7Server-RH7-RHOSSM-1.0:jaeger-0:v1.13.1.redhat7-1.el7.x86_64",
"7Server-RH7-RHOSSM-1.0:kiali-0:v1.0.11.redhat1-1.el7.src",
"7Server-RH7-RHOSSM-1.0:kiali-0:v1.0.11.redhat1-1.el7.x86_64",
"8Base-OSSM-1.0:servicemesh-grafana-0:6.2.2-36.el8.src",
"8Base-OSSM-1.0:servicemesh-grafana-0:6.2.2-36.el8.x86_64",
"8Base-OSSM-1.0:servicemesh-grafana-prometheus-0:6.2.2-36.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-7598"
},
{
"category": "external",
"summary": "RHBZ#1813344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1813344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-7598",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7598"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7598",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7598"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-MINIMIST-559764",
"url": "https://snyk.io/vuln/SNYK-JS-MINIMIST-559764"
}
],
"release_date": "2020-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-06-02T15:34:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOSSM-1.0:jaeger-0:v1.13.1.redhat7-1.el7.src",
"7Server-RH7-RHOSSM-1.0:jaeger-0:v1.13.1.redhat7-1.el7.x86_64",
"7Server-RH7-RHOSSM-1.0:kiali-0:v1.0.11.redhat1-1.el7.src",
"7Server-RH7-RHOSSM-1.0:kiali-0:v1.0.11.redhat1-1.el7.x86_64",
"8Base-OSSM-1.0:servicemesh-grafana-0:6.2.2-36.el8.src",
"8Base-OSSM-1.0:servicemesh-grafana-0:6.2.2-36.el8.x86_64",
"8Base-OSSM-1.0:servicemesh-grafana-prometheus-0:6.2.2-36.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2362"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSSM-1.0:jaeger-0:v1.13.1.redhat7-1.el7.src",
"7Server-RH7-RHOSSM-1.0:jaeger-0:v1.13.1.redhat7-1.el7.x86_64",
"7Server-RH7-RHOSSM-1.0:kiali-0:v1.0.11.redhat1-1.el7.src",
"7Server-RH7-RHOSSM-1.0:kiali-0:v1.0.11.redhat1-1.el7.x86_64",
"8Base-OSSM-1.0:servicemesh-grafana-0:6.2.2-36.el8.src",
"8Base-OSSM-1.0:servicemesh-grafana-0:6.2.2-36.el8.x86_64",
"8Base-OSSM-1.0:servicemesh-grafana-prometheus-0:6.2.2-36.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload"
},
{
"cve": "CVE-2020-11022",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-04-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828406"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSSM-1.0:jaeger-0:v1.13.1.redhat7-1.el7.src",
"7Server-RH7-RHOSSM-1.0:jaeger-0:v1.13.1.redhat7-1.el7.x86_64",
"7Server-RH7-RHOSSM-1.0:kiali-0:v1.0.11.redhat1-1.el7.src",
"7Server-RH7-RHOSSM-1.0:kiali-0:v1.0.11.redhat1-1.el7.x86_64",
"8Base-OSSM-1.0:servicemesh-grafana-0:6.2.2-36.el8.src",
"8Base-OSSM-1.0:servicemesh-grafana-0:6.2.2-36.el8.x86_64",
"8Base-OSSM-1.0:servicemesh-grafana-prometheus-0:6.2.2-36.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11022"
},
{
"category": "external",
"summary": "RHBZ#1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
"url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2"
}
],
"release_date": "2020-04-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-06-02T15:34:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOSSM-1.0:jaeger-0:v1.13.1.redhat7-1.el7.src",
"7Server-RH7-RHOSSM-1.0:jaeger-0:v1.13.1.redhat7-1.el7.x86_64",
"7Server-RH7-RHOSSM-1.0:kiali-0:v1.0.11.redhat1-1.el7.src",
"7Server-RH7-RHOSSM-1.0:kiali-0:v1.0.11.redhat1-1.el7.x86_64",
"8Base-OSSM-1.0:servicemesh-grafana-0:6.2.2-36.el8.src",
"8Base-OSSM-1.0:servicemesh-grafana-0:6.2.2-36.el8.x86_64",
"8Base-OSSM-1.0:servicemesh-grafana-prometheus-0:6.2.2-36.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2362"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSSM-1.0:jaeger-0:v1.13.1.redhat7-1.el7.src",
"7Server-RH7-RHOSSM-1.0:jaeger-0:v1.13.1.redhat7-1.el7.x86_64",
"7Server-RH7-RHOSSM-1.0:kiali-0:v1.0.11.redhat1-1.el7.src",
"7Server-RH7-RHOSSM-1.0:kiali-0:v1.0.11.redhat1-1.el7.x86_64",
"8Base-OSSM-1.0:servicemesh-grafana-0:6.2.2-36.el8.src",
"8Base-OSSM-1.0:servicemesh-grafana-0:6.2.2-36.el8.x86_64",
"8Base-OSSM-1.0:servicemesh-grafana-prometheus-0:6.2.2-36.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method"
},
{
"cve": "CVE-2020-12459",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"discovery_date": "2020-04-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1829724"
}
],
"notes": [
{
"category": "description",
"text": "An information-disclosure flaw was found in Grafana distributed by Red Hat. This flaw allows a local attacker access to potentially sensitive information such as secret_key and a bind_password from the world-readable files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: information disclosure through world-readable grafana configuration files",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Ceph Storage 3 and 4 are not affected by this vulnerability, as the shared grafana container uses grafana v5.2.4 which sets correct permissions for configuration files.\n\nThis issue did not affect the version of grafana as shipped with Red Hat Gluster Storage 3, as it ships grafana v4.6.4 which sets correct permissions for configuration files.\n\nIn both OpenShift Container Platform (OCP) and OpenShift ServiceMesh (OSSM), the grafana containers set their database files to world readable. However, as it\u0027s run in a container image with SELinux MCS labels this prevents other processes on the host from reading it. Therefore, for both (OCP and OSSM) the impact is low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSSM-1.0:jaeger-0:v1.13.1.redhat7-1.el7.src",
"7Server-RH7-RHOSSM-1.0:jaeger-0:v1.13.1.redhat7-1.el7.x86_64",
"7Server-RH7-RHOSSM-1.0:kiali-0:v1.0.11.redhat1-1.el7.src",
"7Server-RH7-RHOSSM-1.0:kiali-0:v1.0.11.redhat1-1.el7.x86_64",
"8Base-OSSM-1.0:servicemesh-grafana-0:6.2.2-36.el8.src",
"8Base-OSSM-1.0:servicemesh-grafana-0:6.2.2-36.el8.x86_64",
"8Base-OSSM-1.0:servicemesh-grafana-prometheus-0:6.2.2-36.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-12459"
},
{
"category": "external",
"summary": "RHBZ#1829724",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1829724"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-12459",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-12459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12459"
}
],
"release_date": "2020-04-23T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-06-02T15:34:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOSSM-1.0:jaeger-0:v1.13.1.redhat7-1.el7.src",
"7Server-RH7-RHOSSM-1.0:jaeger-0:v1.13.1.redhat7-1.el7.x86_64",
"7Server-RH7-RHOSSM-1.0:kiali-0:v1.0.11.redhat1-1.el7.src",
"7Server-RH7-RHOSSM-1.0:kiali-0:v1.0.11.redhat1-1.el7.x86_64",
"8Base-OSSM-1.0:servicemesh-grafana-0:6.2.2-36.el8.src",
"8Base-OSSM-1.0:servicemesh-grafana-0:6.2.2-36.el8.x86_64",
"8Base-OSSM-1.0:servicemesh-grafana-prometheus-0:6.2.2-36.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2362"
},
{
"category": "workaround",
"details": "Manually change the file permissions to remove the read bit for others:\n\n# chmod 640 /etc/grafana/grafana.ini /etc/grafana/ldap.toml",
"product_ids": [
"7Server-RH7-RHOSSM-1.0:jaeger-0:v1.13.1.redhat7-1.el7.src",
"7Server-RH7-RHOSSM-1.0:jaeger-0:v1.13.1.redhat7-1.el7.x86_64",
"7Server-RH7-RHOSSM-1.0:kiali-0:v1.0.11.redhat1-1.el7.src",
"7Server-RH7-RHOSSM-1.0:kiali-0:v1.0.11.redhat1-1.el7.x86_64",
"8Base-OSSM-1.0:servicemesh-grafana-0:6.2.2-36.el8.src",
"8Base-OSSM-1.0:servicemesh-grafana-0:6.2.2-36.el8.x86_64",
"8Base-OSSM-1.0:servicemesh-grafana-prometheus-0:6.2.2-36.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSSM-1.0:jaeger-0:v1.13.1.redhat7-1.el7.src",
"7Server-RH7-RHOSSM-1.0:jaeger-0:v1.13.1.redhat7-1.el7.x86_64",
"7Server-RH7-RHOSSM-1.0:kiali-0:v1.0.11.redhat1-1.el7.src",
"7Server-RH7-RHOSSM-1.0:kiali-0:v1.0.11.redhat1-1.el7.x86_64",
"8Base-OSSM-1.0:servicemesh-grafana-0:6.2.2-36.el8.src",
"8Base-OSSM-1.0:servicemesh-grafana-0:6.2.2-36.el8.x86_64",
"8Base-OSSM-1.0:servicemesh-grafana-prometheus-0:6.2.2-36.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "grafana: information disclosure through world-readable grafana configuration files"
}
]
}
RHSA-2020:2847
Vulnerability from csaf_redhat - Published: 2020-07-07 09:14 - Updated: 2026-02-27 11:12
A flaw was found in nodejs-minimist, where it was tricked into adding or modifying properties of the Object.prototype using a "constructor" or "__proto__" payload. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.src::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-docs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.noarch::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12 | — |
Vendor Fix
fix
|
A TLS Hostname verification bypass vulnerability exists in NodeJS. This flaw allows an attacker to bypass TLS Hostname verification when a TLS client reuses HTTPS sessions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.src::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-docs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.noarch::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12 | — |
Vendor Fix
fix
|
A flaw was found in nodejs. Calling napi_get_value_string_latin1(), napi_get_value_string_utf8(), or napi_get_value_string_utf16() with a non-NULL buf, and a bufsize of 0 will cause the entire string value to be written to buf, probably overrunning the length of the buffer.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.src::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-docs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.noarch::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12 | — |
Vendor Fix
fix
|
A resource consumption vulnerability was found in nghttp2. This flaw allows an attacker to repeatedly construct overly large HTTP/2 SETTINGS frames, each with a length of 14,400 bytes, which causes excessive CPU usage and leads to a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.src::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-docs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.noarch::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (12.18.2).\n\nSecurity Fix(es):\n\n* nghttp2: overly large SETTINGS frames can lead to DoS (CVE-2020-11080)\n\n* nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload (CVE-2020-7598)\n\n* nodejs: TLS session reuse can lead to hostname verification bypass (CVE-2020-8172)\n\n* nodejs: memory corruption in napi_get_value_string_* functions (CVE-2020-8174)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:2847",
"url": "https://access.redhat.com/errata/RHSA-2020:2847"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1813344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1813344"
},
{
"category": "external",
"summary": "1844929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1844929"
},
{
"category": "external",
"summary": "1845247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845247"
},
{
"category": "external",
"summary": "1845256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845256"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_2847.json"
}
],
"title": "Red Hat Security Advisory: nodejs:12 security update",
"tracking": {
"current_release_date": "2026-02-27T11:12:30+00:00",
"generator": {
"date": "2026-02-27T11:12:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2020:2847",
"initial_release_date": "2020-07-07T09:14:43+00:00",
"revision_history": [
{
"date": "2020-07-07T09:14:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-07-07T09:14:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-27T11:12:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.1::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.src::nodejs:12",
"product": {
"name": "nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.src (nodejs:12)",
"product_id": "nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.src::nodejs:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@12.18.2-1.module%2Bel8.1.0%2B7232%2Bf8b5ede5?arch=src\u0026epoch=1\u0026rpmmod=nodejs:12:8010020200630154708:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src::nodejs:12",
"product": {
"name": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src (nodejs:12)",
"product_id": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src::nodejs:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@1.18.3-1.module%2Bel8.1.0%2B3369%2B37ae6a45?arch=src\u0026rpmmod=nodejs:12:8010020200630154708:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src::nodejs:12",
"product": {
"name": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src (nodejs:12)",
"product_id": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src::nodejs:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@17-3.module%2Bel8.1.0%2B3369%2B37ae6a45?arch=src\u0026rpmmod=nodejs:12:8010020200630154708:c27ad7f8"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-docs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.noarch::nodejs:12",
"product": {
"name": "nodejs-docs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.noarch (nodejs:12)",
"product_id": "nodejs-docs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.noarch::nodejs:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@12.18.2-1.module%2Bel8.1.0%2B7232%2Bf8b5ede5?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:12:8010020200630154708:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12",
"product": {
"name": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch (nodejs:12)",
"product_id": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@1.18.3-1.module%2Bel8.1.0%2B3369%2B37ae6a45?arch=noarch\u0026rpmmod=nodejs:12:8010020200630154708:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12",
"product": {
"name": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch (nodejs:12)",
"product_id": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@17-3.module%2Bel8.1.0%2B3369%2B37ae6a45?arch=noarch\u0026rpmmod=nodejs:12:8010020200630154708:c27ad7f8"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"product": {
"name": "nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64 (nodejs:12)",
"product_id": "nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@12.18.2-1.module%2Bel8.1.0%2B7232%2Bf8b5ede5?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:12:8010020200630154708:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"product": {
"name": "nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64 (nodejs:12)",
"product_id": "nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@12.18.2-1.module%2Bel8.1.0%2B7232%2Bf8b5ede5?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:12:8010020200630154708:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"product": {
"name": "nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64 (nodejs:12)",
"product_id": "nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@12.18.2-1.module%2Bel8.1.0%2B7232%2Bf8b5ede5?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:12:8010020200630154708:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"product": {
"name": "nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64 (nodejs:12)",
"product_id": "nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@12.18.2-1.module%2Bel8.1.0%2B7232%2Bf8b5ede5?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:12:8010020200630154708:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"product": {
"name": "nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64 (nodejs:12)",
"product_id": "nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@12.18.2-1.module%2Bel8.1.0%2B7232%2Bf8b5ede5?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:12:8010020200630154708:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"product": {
"name": "npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.aarch64 (nodejs:12)",
"product_id": "npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@6.14.5-1.12.18.2.1.module%2Bel8.1.0%2B7232%2Bf8b5ede5?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:12:8010020200630154708:c27ad7f8"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"product": {
"name": "nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le (nodejs:12)",
"product_id": "nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@12.18.2-1.module%2Bel8.1.0%2B7232%2Bf8b5ede5?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:12:8010020200630154708:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"product": {
"name": "nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le (nodejs:12)",
"product_id": "nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@12.18.2-1.module%2Bel8.1.0%2B7232%2Bf8b5ede5?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:12:8010020200630154708:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"product": {
"name": "nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le (nodejs:12)",
"product_id": "nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@12.18.2-1.module%2Bel8.1.0%2B7232%2Bf8b5ede5?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:12:8010020200630154708:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"product": {
"name": "nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le (nodejs:12)",
"product_id": "nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@12.18.2-1.module%2Bel8.1.0%2B7232%2Bf8b5ede5?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:12:8010020200630154708:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"product": {
"name": "nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le (nodejs:12)",
"product_id": "nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@12.18.2-1.module%2Bel8.1.0%2B7232%2Bf8b5ede5?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:12:8010020200630154708:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"product": {
"name": "npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.ppc64le (nodejs:12)",
"product_id": "npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@6.14.5-1.12.18.2.1.module%2Bel8.1.0%2B7232%2Bf8b5ede5?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:12:8010020200630154708:c27ad7f8"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"product": {
"name": "nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x (nodejs:12)",
"product_id": "nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@12.18.2-1.module%2Bel8.1.0%2B7232%2Bf8b5ede5?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:12:8010020200630154708:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"product": {
"name": "nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x (nodejs:12)",
"product_id": "nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@12.18.2-1.module%2Bel8.1.0%2B7232%2Bf8b5ede5?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:12:8010020200630154708:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"product": {
"name": "nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x (nodejs:12)",
"product_id": "nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@12.18.2-1.module%2Bel8.1.0%2B7232%2Bf8b5ede5?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:12:8010020200630154708:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"product": {
"name": "nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x (nodejs:12)",
"product_id": "nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@12.18.2-1.module%2Bel8.1.0%2B7232%2Bf8b5ede5?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:12:8010020200630154708:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"product": {
"name": "nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x (nodejs:12)",
"product_id": "nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@12.18.2-1.module%2Bel8.1.0%2B7232%2Bf8b5ede5?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:12:8010020200630154708:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"product": {
"name": "npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.s390x (nodejs:12)",
"product_id": "npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@6.14.5-1.12.18.2.1.module%2Bel8.1.0%2B7232%2Bf8b5ede5?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:12:8010020200630154708:c27ad7f8"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"product": {
"name": "nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64 (nodejs:12)",
"product_id": "nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@12.18.2-1.module%2Bel8.1.0%2B7232%2Bf8b5ede5?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:12:8010020200630154708:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"product": {
"name": "nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64 (nodejs:12)",
"product_id": "nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@12.18.2-1.module%2Bel8.1.0%2B7232%2Bf8b5ede5?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:12:8010020200630154708:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"product": {
"name": "nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64 (nodejs:12)",
"product_id": "nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@12.18.2-1.module%2Bel8.1.0%2B7232%2Bf8b5ede5?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:12:8010020200630154708:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"product": {
"name": "nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64 (nodejs:12)",
"product_id": "nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@12.18.2-1.module%2Bel8.1.0%2B7232%2Bf8b5ede5?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:12:8010020200630154708:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"product": {
"name": "nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64 (nodejs:12)",
"product_id": "nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@12.18.2-1.module%2Bel8.1.0%2B7232%2Bf8b5ede5?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:12:8010020200630154708:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"product": {
"name": "npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.x86_64 (nodejs:12)",
"product_id": "npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@6.14.5-1.12.18.2.1.module%2Bel8.1.0%2B7232%2Bf8b5ede5?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:12:8010020200630154708:c27ad7f8"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64 (nodejs:12) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12"
},
"product_reference": "nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le (nodejs:12) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12"
},
"product_reference": "nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x (nodejs:12) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12"
},
"product_reference": "nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.src (nodejs:12) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.src::nodejs:12"
},
"product_reference": "nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.src::nodejs:12",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64 (nodejs:12) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12"
},
"product_reference": "nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64 (nodejs:12) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12"
},
"product_reference": "nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le (nodejs:12) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12"
},
"product_reference": "nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x (nodejs:12) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12"
},
"product_reference": "nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64 (nodejs:12) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12"
},
"product_reference": "nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64 (nodejs:12) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12"
},
"product_reference": "nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le (nodejs:12) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12"
},
"product_reference": "nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x (nodejs:12) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12"
},
"product_reference": "nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64 (nodejs:12) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12"
},
"product_reference": "nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64 (nodejs:12) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12"
},
"product_reference": "nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le (nodejs:12) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12"
},
"product_reference": "nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x (nodejs:12) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12"
},
"product_reference": "nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64 (nodejs:12) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12"
},
"product_reference": "nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.noarch (nodejs:12) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-docs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.noarch::nodejs:12"
},
"product_reference": "nodejs-docs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.noarch::nodejs:12",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64 (nodejs:12) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12"
},
"product_reference": "nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le (nodejs:12) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12"
},
"product_reference": "nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x (nodejs:12) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12"
},
"product_reference": "nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64 (nodejs:12) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12"
},
"product_reference": "nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch (nodejs:12) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12"
},
"product_reference": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src (nodejs:12) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src::nodejs:12"
},
"product_reference": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src::nodejs:12",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch (nodejs:12) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12"
},
"product_reference": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src (nodejs:12) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src::nodejs:12"
},
"product_reference": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src::nodejs:12",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.aarch64 (nodejs:12) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12"
},
"product_reference": "npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.ppc64le (nodejs:12) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12"
},
"product_reference": "npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.s390x (nodejs:12) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12"
},
"product_reference": "npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.x86_64 (nodejs:12) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12"
},
"product_reference": "npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-7598",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-03-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1813344"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-minimist, where it was tricked into adding or modifying properties of the Object.prototype using a \"constructor\" or \"__proto__\" payload. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Quay only includes minimist as a dependency of the test suites, and it not include it in the product. We may fix this issue in a future Red Hat Quay release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.src::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-docs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.noarch::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-7598"
},
{
"category": "external",
"summary": "RHBZ#1813344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1813344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-7598",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7598"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7598",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7598"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-MINIMIST-559764",
"url": "https://snyk.io/vuln/SNYK-JS-MINIMIST-559764"
}
],
"release_date": "2020-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-07T09:14:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.src::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-docs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.noarch::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.src::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-docs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.noarch::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload"
},
{
"cve": "CVE-2020-8172",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2020-06-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1845247"
}
],
"notes": [
{
"category": "description",
"text": "A TLS Hostname verification bypass vulnerability exists in NodeJS. This flaw allows an attacker to bypass TLS Hostname verification when a TLS client reuses HTTPS sessions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: TLS session reuse can lead to hostname verification bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue only affects the TLS 1.2 protocol, not TLS 1.3. This issue does not affect NodeJS 10.\n\nRed Hat Quay installed NodeJS as a dependency of Yarn. It does not use NodeJS at runtime, but executes Javascript on the client\u0027s browser instead. Therefore the impact of this vulnerability on Red Hat Quay is low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.src::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-docs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.noarch::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8172"
},
{
"category": "external",
"summary": "RHBZ#1845247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8172",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8172"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8172",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8172"
}
],
"release_date": "2020-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-07T09:14:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.src::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-docs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.noarch::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.src::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-docs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.noarch::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: TLS session reuse can lead to hostname verification bypass"
},
{
"cve": "CVE-2020-8174",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2020-06-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1845256"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs. Calling napi_get_value_string_latin1(), napi_get_value_string_utf8(), or napi_get_value_string_utf16() with a non-NULL buf, and a bufsize of 0 will cause the entire string value to be written to buf, probably overrunning the length of the buffer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: memory corruption in napi_get_value_string_* functions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NodeJS is a build time dependency of Red Hat Quay and is not used at runtime. Therefore this issue will not be fixed in Quay 3.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.src::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-docs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.noarch::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8174"
},
{
"category": "external",
"summary": "RHBZ#1845256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845256"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8174",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8174"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8174",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8174"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/784186",
"url": "https://hackerone.com/reports/784186"
}
],
"release_date": "2020-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-07T09:14:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.src::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-docs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.noarch::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.src::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-docs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.noarch::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: memory corruption in napi_get_value_string_* functions"
},
{
"acknowledgments": [
{
"names": [
"the Envoy security team"
]
}
],
"cve": "CVE-2020-11080",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2020-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1844929"
}
],
"notes": [
{
"category": "description",
"text": "A resource consumption vulnerability was found in nghttp2. This flaw allows an attacker to repeatedly construct an overly large HTTP/2 SETTINGS frame with a length of 14,400 bytes that causes excessive CPU usage, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nghttp2: overly large SETTINGS frames can lead to DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.src::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-docs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.noarch::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11080"
},
{
"category": "external",
"summary": "RHBZ#1844929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1844929"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11080",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11080"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11080",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11080"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr",
"url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr"
}
],
"release_date": "2020-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-07T09:14:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.src::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-docs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.noarch::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.src::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-docs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.noarch::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch::nodejs:12",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.aarch64::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.ppc64le::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.s390x::nodejs:12",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5.x86_64::nodejs:12"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nghttp2: overly large SETTINGS frames can lead to DoS"
}
]
}
RHSA-2020:2848
Vulnerability from csaf_redhat - Published: 2020-07-07 09:27 - Updated: 2026-02-27 11:12
A flaw was found in nodejs-minimist, where it was tricked into adding or modifying properties of the Object.prototype using a "constructor" or "__proto__" payload. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.src::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-docs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.noarch::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10 | — |
Vendor Fix
fix
|
A flaw was found in nodejs. Calling napi_get_value_string_latin1(), napi_get_value_string_utf8(), or napi_get_value_string_utf16() with a non-NULL buf, and a bufsize of 0 will cause the entire string value to be written to buf, probably overrunning the length of the buffer.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.src::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-docs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.noarch::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10 | — |
Vendor Fix
fix
|
A resource consumption vulnerability was found in nghttp2 (listed in this advisory's details as CVE-2020-11080, "overly large SETTINGS frames can lead to DoS"). The flaw allows an attacker to repeatedly construct an overly large HTTP/2 SETTINGS frame, 14,400 bytes in length, which causes excessive CPU usage and leads to a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.src::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-docs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.noarch::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (10.21.0).\n\nSecurity Fix(es):\n\n* nghttp2: overly large SETTINGS frames can lead to DoS (CVE-2020-11080)\n\n* nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload (CVE-2020-7598)\n\n* nodejs: memory corruption in napi_get_value_string_* functions (CVE-2020-8174)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:2848",
"url": "https://access.redhat.com/errata/RHSA-2020:2848"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1813344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1813344"
},
{
"category": "external",
"summary": "1844929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1844929"
},
{
"category": "external",
"summary": "1845256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845256"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_2848.json"
}
],
"title": "Red Hat Security Advisory: nodejs:10 security update",
"tracking": {
"current_release_date": "2026-02-27T11:12:34+00:00",
"generator": {
"date": "2026-02-27T11:12:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2020:2848",
"initial_release_date": "2020-07-07T09:27:40+00:00",
"revision_history": [
{
"date": "2020-07-07T09:27:40+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-07-07T09:27:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-27T11:12:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.src::nodejs:10",
"product": {
"name": "nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.src (nodejs:10)",
"product_id": "nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.src::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@10.21.0-3.module%2Bel8.2.0%2B7071%2Bd2377ea3?arch=src\u0026epoch=1\u0026rpmmod=nodejs:10:8020020200617141353:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src::nodejs:10",
"product": {
"name": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src (nodejs:10)",
"product_id": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@1.18.3-1.module%2Bel8%2B2632%2B6c5111ed?arch=src\u0026rpmmod=nodejs:10:8020020200617141353:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src::nodejs:10",
"product": {
"name": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src (nodejs:10)",
"product_id": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@17-3.module%2Bel8%2B2873%2Baa7dfd9a?arch=src\u0026rpmmod=nodejs:10:8020020200617141353:4cda2c84"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-docs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.noarch::nodejs:10",
"product": {
"name": "nodejs-docs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.noarch (nodejs:10)",
"product_id": "nodejs-docs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.noarch::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@10.21.0-3.module%2Bel8.2.0%2B7071%2Bd2377ea3?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:10:8020020200617141353:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch::nodejs:10",
"product": {
"name": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch (nodejs:10)",
"product_id": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@1.18.3-1.module%2Bel8%2B2632%2B6c5111ed?arch=noarch\u0026rpmmod=nodejs:10:8020020200617141353:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch::nodejs:10",
"product": {
"name": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch (nodejs:10)",
"product_id": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@17-3.module%2Bel8%2B2873%2Baa7dfd9a?arch=noarch\u0026rpmmod=nodejs:10:8020020200617141353:4cda2c84"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"product": {
"name": "nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64 (nodejs:10)",
"product_id": "nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@10.21.0-3.module%2Bel8.2.0%2B7071%2Bd2377ea3?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:10:8020020200617141353:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"product": {
"name": "nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64 (nodejs:10)",
"product_id": "nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@10.21.0-3.module%2Bel8.2.0%2B7071%2Bd2377ea3?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:10:8020020200617141353:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"product": {
"name": "nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64 (nodejs:10)",
"product_id": "nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@10.21.0-3.module%2Bel8.2.0%2B7071%2Bd2377ea3?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:10:8020020200617141353:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"product": {
"name": "nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64 (nodejs:10)",
"product_id": "nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@10.21.0-3.module%2Bel8.2.0%2B7071%2Bd2377ea3?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:10:8020020200617141353:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"product": {
"name": "nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64 (nodejs:10)",
"product_id": "nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@10.21.0-3.module%2Bel8.2.0%2B7071%2Bd2377ea3?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:10:8020020200617141353:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"product": {
"name": "npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.aarch64 (nodejs:10)",
"product_id": "npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@6.14.4-1.10.21.0.3.module%2Bel8.2.0%2B7071%2Bd2377ea3?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:10:8020020200617141353:4cda2c84"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"product": {
"name": "nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le (nodejs:10)",
"product_id": "nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@10.21.0-3.module%2Bel8.2.0%2B7071%2Bd2377ea3?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:10:8020020200617141353:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"product": {
"name": "nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le (nodejs:10)",
"product_id": "nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@10.21.0-3.module%2Bel8.2.0%2B7071%2Bd2377ea3?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:10:8020020200617141353:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"product": {
"name": "nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le (nodejs:10)",
"product_id": "nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@10.21.0-3.module%2Bel8.2.0%2B7071%2Bd2377ea3?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:10:8020020200617141353:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"product": {
"name": "nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le (nodejs:10)",
"product_id": "nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@10.21.0-3.module%2Bel8.2.0%2B7071%2Bd2377ea3?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:10:8020020200617141353:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"product": {
"name": "nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le (nodejs:10)",
"product_id": "nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@10.21.0-3.module%2Bel8.2.0%2B7071%2Bd2377ea3?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:10:8020020200617141353:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"product": {
"name": "npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.ppc64le (nodejs:10)",
"product_id": "npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@6.14.4-1.10.21.0.3.module%2Bel8.2.0%2B7071%2Bd2377ea3?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:10:8020020200617141353:4cda2c84"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"product": {
"name": "nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x (nodejs:10)",
"product_id": "nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@10.21.0-3.module%2Bel8.2.0%2B7071%2Bd2377ea3?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:10:8020020200617141353:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"product": {
"name": "nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x (nodejs:10)",
"product_id": "nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@10.21.0-3.module%2Bel8.2.0%2B7071%2Bd2377ea3?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:10:8020020200617141353:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"product": {
"name": "nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x (nodejs:10)",
"product_id": "nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@10.21.0-3.module%2Bel8.2.0%2B7071%2Bd2377ea3?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:10:8020020200617141353:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"product": {
"name": "nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x (nodejs:10)",
"product_id": "nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@10.21.0-3.module%2Bel8.2.0%2B7071%2Bd2377ea3?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:10:8020020200617141353:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"product": {
"name": "nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x (nodejs:10)",
"product_id": "nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@10.21.0-3.module%2Bel8.2.0%2B7071%2Bd2377ea3?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:10:8020020200617141353:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"product": {
"name": "npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.s390x (nodejs:10)",
"product_id": "npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@6.14.4-1.10.21.0.3.module%2Bel8.2.0%2B7071%2Bd2377ea3?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:10:8020020200617141353:4cda2c84"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"product": {
"name": "nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64 (nodejs:10)",
"product_id": "nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@10.21.0-3.module%2Bel8.2.0%2B7071%2Bd2377ea3?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:10:8020020200617141353:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"product": {
"name": "nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64 (nodejs:10)",
"product_id": "nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@10.21.0-3.module%2Bel8.2.0%2B7071%2Bd2377ea3?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:10:8020020200617141353:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"product": {
"name": "nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64 (nodejs:10)",
"product_id": "nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@10.21.0-3.module%2Bel8.2.0%2B7071%2Bd2377ea3?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:10:8020020200617141353:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"product": {
"name": "nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64 (nodejs:10)",
"product_id": "nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@10.21.0-3.module%2Bel8.2.0%2B7071%2Bd2377ea3?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:10:8020020200617141353:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"product": {
"name": "nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64 (nodejs:10)",
"product_id": "nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@10.21.0-3.module%2Bel8.2.0%2B7071%2Bd2377ea3?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:10:8020020200617141353:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"product": {
"name": "npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.x86_64 (nodejs:10)",
"product_id": "npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@6.14.4-1.10.21.0.3.module%2Bel8.2.0%2B7071%2Bd2377ea3?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:10:8020020200617141353:4cda2c84"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64 (nodejs:10) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10"
},
"product_reference": "nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le (nodejs:10) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10"
},
"product_reference": "nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x (nodejs:10) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10"
},
"product_reference": "nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.src (nodejs:10) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.src::nodejs:10"
},
"product_reference": "nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.src::nodejs:10",
"relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64 (nodejs:10) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10"
},
"product_reference": "nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64 (nodejs:10) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10"
},
"product_reference": "nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le (nodejs:10) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10"
},
"product_reference": "nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x (nodejs:10) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10"
},
"product_reference": "nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64 (nodejs:10) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10"
},
"product_reference": "nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64 (nodejs:10) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10"
},
"product_reference": "nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le (nodejs:10) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10"
},
"product_reference": "nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x (nodejs:10) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10"
},
"product_reference": "nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64 (nodejs:10) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10"
},
"product_reference": "nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64 (nodejs:10) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10"
},
"product_reference": "nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le (nodejs:10) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10"
},
"product_reference": "nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x (nodejs:10) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10"
},
"product_reference": "nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64 (nodejs:10) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10"
},
"product_reference": "nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.noarch (nodejs:10) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.Z.MAIN.EUS:nodejs-docs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.noarch::nodejs:10"
},
"product_reference": "nodejs-docs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.noarch::nodejs:10",
"relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64 (nodejs:10) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10"
},
"product_reference": "nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le (nodejs:10) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10"
},
"product_reference": "nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x (nodejs:10) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10"
},
"product_reference": "nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64 (nodejs:10) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10"
},
"product_reference": "nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch (nodejs:10) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.Z.MAIN.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch::nodejs:10"
},
"product_reference": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch::nodejs:10",
"relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src (nodejs:10) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.Z.MAIN.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src::nodejs:10"
},
"product_reference": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src::nodejs:10",
"relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch (nodejs:10) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.Z.MAIN.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch::nodejs:10"
},
"product_reference": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch::nodejs:10",
"relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src (nodejs:10) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.Z.MAIN.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src::nodejs:10"
},
"product_reference": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src::nodejs:10",
"relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.aarch64 (nodejs:10) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10"
},
"product_reference": "npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.ppc64le (nodejs:10) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10"
},
"product_reference": "npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.s390x (nodejs:10) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10"
},
"product_reference": "npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.x86_64 (nodejs:10) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10"
},
"product_reference": "npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-7598",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-03-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1813344"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-minimist, where it was tricked into adding or modifying properties of the Object.prototype using a \"constructor\" or \"__proto__\" payload. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Quay only includes minimist as a dependency of the test suites, and does not include it in the product. We may fix this issue in a future Red Hat Quay release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.src::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-docs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.noarch::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-7598"
},
{
"category": "external",
"summary": "RHBZ#1813344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1813344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-7598",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7598"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7598",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7598"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-MINIMIST-559764",
"url": "https://snyk.io/vuln/SNYK-JS-MINIMIST-559764"
}
],
"release_date": "2020-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-07T09:27:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.src::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-docs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.noarch::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2848"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.src::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-docs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.noarch::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload"
},
{
"cve": "CVE-2020-8174",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2020-06-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1845256"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs. Calling napi_get_value_string_latin1(), napi_get_value_string_utf8(), or napi_get_value_string_utf16() with a non-NULL buf, and a bufsize of 0 will cause the entire string value to be written to buf, probably overrunning the length of the buffer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: memory corruption in napi_get_value_string_* functions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NodeJS is a build time dependency of Red Hat Quay and is not used at runtime. Therefore this issue will not be fixed in Quay 3.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.src::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-docs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.noarch::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8174"
},
{
"category": "external",
"summary": "RHBZ#1845256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845256"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8174",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8174"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8174",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8174"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/784186",
"url": "https://hackerone.com/reports/784186"
}
],
"release_date": "2020-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-07T09:27:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.src::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-docs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.noarch::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2848"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.src::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-docs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.noarch::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: memory corruption in napi_get_value_string_* functions"
},
{
"acknowledgments": [
{
"names": [
"the Envoy security team"
]
}
],
"cve": "CVE-2020-11080",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2020-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1844929"
}
],
"notes": [
{
"category": "description",
"text": "A resource consumption vulnerability was found in nghttp2. This flaw allows an attacker to repeatedly construct an overly large HTTP/2 SETTINGS frame with a length of 14,400 bytes that causes excessive CPU usage, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nghttp2: overly large SETTINGS frames can lead to DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.src::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-docs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.noarch::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11080"
},
{
"category": "external",
"summary": "RHBZ#1844929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1844929"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11080",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11080"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11080",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11080"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr",
"url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr"
}
],
"release_date": "2020-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-07T09:27:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.src::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-docs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.noarch::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2848"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.src::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-docs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.noarch::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.aarch64::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.ppc64le::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.s390x::nodejs:10",
"AppStream-8.2.0.Z.MAIN.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.x86_64::nodejs:10"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nghttp2: overly large SETTINGS frames can lead to DoS"
}
]
}
RHSA-2020:2849
Vulnerability from csaf_redhat - Published: 2020-07-07 09:17 - Updated: 2026-02-27 11:11
A flaw was found in nodejs-minimist, where it was tricked into adding or modifying properties of the Object.prototype using a "constructor" or "__proto__" payload. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.src::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-docs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.noarch::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10 | — |
Vendor Fix
fix
|
A flaw was found in nodejs. Calling napi_get_value_string_latin1(), napi_get_value_string_utf8(), or napi_get_value_string_utf16() with a non-NULL buf and a bufsize of 0 will cause the entire string value to be written to buf, probably overrunning the length of the buffer.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.src::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-docs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.noarch::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10 | — |
Vendor Fix
fix
|
A resource consumption vulnerability was found in nghttp2. This flaw allows an attacker to repeatedly construct an overly large HTTP/2 SETTINGS frame with a length of 14,400 bytes that causes excessive CPU usage, leading to a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.src::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-docs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.noarch::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (10.21.0).\n\nSecurity Fix(es):\n\n* nghttp2: overly large SETTINGS frames can lead to DoS (CVE-2020-11080)\n\n* nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload (CVE-2020-7598)\n\n* nodejs: memory corruption in napi_get_value_string_* functions (CVE-2020-8174)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:2849",
"url": "https://access.redhat.com/errata/RHSA-2020:2849"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1813344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1813344"
},
{
"category": "external",
"summary": "1844929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1844929"
},
{
"category": "external",
"summary": "1845256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845256"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_2849.json"
}
],
"title": "Red Hat Security Advisory: nodejs:10 security update",
"tracking": {
"current_release_date": "2026-02-27T11:11:45+00:00",
"generator": {
"date": "2026-02-27T11:11:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2020:2849",
"initial_release_date": "2020-07-07T09:17:33+00:00",
"revision_history": [
{
"date": "2020-07-07T09:17:33+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-07-07T09:17:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-27T11:11:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.1::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.src::nodejs:10",
"product": {
"name": "nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.src (nodejs:10)",
"product_id": "nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.src::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@10.21.0-3.module%2Bel8.1.0%2B7070%2Bfe09e702?arch=src\u0026epoch=1\u0026rpmmod=nodejs:10:8010020200617134056:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src::nodejs:10",
"product": {
"name": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src (nodejs:10)",
"product_id": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@1.18.3-1.module%2Bel8%2B2632%2B6c5111ed?arch=src\u0026rpmmod=nodejs:10:8010020200617134056:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src::nodejs:10",
"product": {
"name": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src (nodejs:10)",
"product_id": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@17-3.module%2Bel8%2B2873%2Baa7dfd9a?arch=src\u0026rpmmod=nodejs:10:8010020200617134056:c27ad7f8"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-docs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.noarch::nodejs:10",
"product": {
"name": "nodejs-docs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.noarch (nodejs:10)",
"product_id": "nodejs-docs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.noarch::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@10.21.0-3.module%2Bel8.1.0%2B7070%2Bfe09e702?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:10:8010020200617134056:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch::nodejs:10",
"product": {
"name": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch (nodejs:10)",
"product_id": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@1.18.3-1.module%2Bel8%2B2632%2B6c5111ed?arch=noarch\u0026rpmmod=nodejs:10:8010020200617134056:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch::nodejs:10",
"product": {
"name": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch (nodejs:10)",
"product_id": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@17-3.module%2Bel8%2B2873%2Baa7dfd9a?arch=noarch\u0026rpmmod=nodejs:10:8010020200617134056:c27ad7f8"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"product": {
"name": "nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64 (nodejs:10)",
"product_id": "nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@10.21.0-3.module%2Bel8.1.0%2B7070%2Bfe09e702?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:10:8010020200617134056:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"product": {
"name": "nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64 (nodejs:10)",
"product_id": "nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@10.21.0-3.module%2Bel8.1.0%2B7070%2Bfe09e702?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:10:8010020200617134056:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"product": {
"name": "nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64 (nodejs:10)",
"product_id": "nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@10.21.0-3.module%2Bel8.1.0%2B7070%2Bfe09e702?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:10:8010020200617134056:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"product": {
"name": "nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64 (nodejs:10)",
"product_id": "nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@10.21.0-3.module%2Bel8.1.0%2B7070%2Bfe09e702?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:10:8010020200617134056:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"product": {
"name": "nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64 (nodejs:10)",
"product_id": "nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@10.21.0-3.module%2Bel8.1.0%2B7070%2Bfe09e702?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:10:8010020200617134056:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"product": {
"name": "npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.aarch64 (nodejs:10)",
"product_id": "npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@6.14.4-1.10.21.0.3.module%2Bel8.1.0%2B7070%2Bfe09e702?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:10:8010020200617134056:c27ad7f8"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"product": {
"name": "nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le (nodejs:10)",
"product_id": "nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@10.21.0-3.module%2Bel8.1.0%2B7070%2Bfe09e702?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:10:8010020200617134056:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"product": {
"name": "nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le (nodejs:10)",
"product_id": "nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@10.21.0-3.module%2Bel8.1.0%2B7070%2Bfe09e702?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:10:8010020200617134056:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"product": {
"name": "nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le (nodejs:10)",
"product_id": "nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@10.21.0-3.module%2Bel8.1.0%2B7070%2Bfe09e702?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:10:8010020200617134056:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"product": {
"name": "nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le (nodejs:10)",
"product_id": "nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@10.21.0-3.module%2Bel8.1.0%2B7070%2Bfe09e702?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:10:8010020200617134056:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"product": {
"name": "nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le (nodejs:10)",
"product_id": "nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@10.21.0-3.module%2Bel8.1.0%2B7070%2Bfe09e702?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:10:8010020200617134056:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"product": {
"name": "npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.ppc64le (nodejs:10)",
"product_id": "npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@6.14.4-1.10.21.0.3.module%2Bel8.1.0%2B7070%2Bfe09e702?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:10:8010020200617134056:c27ad7f8"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"product": {
"name": "nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x (nodejs:10)",
"product_id": "nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@10.21.0-3.module%2Bel8.1.0%2B7070%2Bfe09e702?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:10:8010020200617134056:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"product": {
"name": "nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x (nodejs:10)",
"product_id": "nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@10.21.0-3.module%2Bel8.1.0%2B7070%2Bfe09e702?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:10:8010020200617134056:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"product": {
"name": "nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x (nodejs:10)",
"product_id": "nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@10.21.0-3.module%2Bel8.1.0%2B7070%2Bfe09e702?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:10:8010020200617134056:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"product": {
"name": "nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x (nodejs:10)",
"product_id": "nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@10.21.0-3.module%2Bel8.1.0%2B7070%2Bfe09e702?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:10:8010020200617134056:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"product": {
"name": "nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x (nodejs:10)",
"product_id": "nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@10.21.0-3.module%2Bel8.1.0%2B7070%2Bfe09e702?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:10:8010020200617134056:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"product": {
"name": "npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.s390x (nodejs:10)",
"product_id": "npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@6.14.4-1.10.21.0.3.module%2Bel8.1.0%2B7070%2Bfe09e702?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:10:8010020200617134056:c27ad7f8"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"product": {
"name": "nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64 (nodejs:10)",
"product_id": "nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@10.21.0-3.module%2Bel8.1.0%2B7070%2Bfe09e702?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:10:8010020200617134056:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"product": {
"name": "nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64 (nodejs:10)",
"product_id": "nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@10.21.0-3.module%2Bel8.1.0%2B7070%2Bfe09e702?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:10:8010020200617134056:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"product": {
"name": "nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64 (nodejs:10)",
"product_id": "nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@10.21.0-3.module%2Bel8.1.0%2B7070%2Bfe09e702?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:10:8010020200617134056:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"product": {
"name": "nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64 (nodejs:10)",
"product_id": "nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@10.21.0-3.module%2Bel8.1.0%2B7070%2Bfe09e702?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:10:8010020200617134056:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"product": {
"name": "nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64 (nodejs:10)",
"product_id": "nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@10.21.0-3.module%2Bel8.1.0%2B7070%2Bfe09e702?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:10:8010020200617134056:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"product": {
"name": "npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.x86_64 (nodejs:10)",
"product_id": "npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@6.14.4-1.10.21.0.3.module%2Bel8.1.0%2B7070%2Bfe09e702?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:10:8010020200617134056:c27ad7f8"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64 (nodejs:10) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10"
},
"product_reference": "nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le (nodejs:10) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10"
},
"product_reference": "nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x (nodejs:10) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10"
},
"product_reference": "nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.src (nodejs:10) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.src::nodejs:10"
},
"product_reference": "nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.src::nodejs:10",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64 (nodejs:10) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10"
},
"product_reference": "nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64 (nodejs:10) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10"
},
"product_reference": "nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le (nodejs:10) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10"
},
"product_reference": "nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x (nodejs:10) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10"
},
"product_reference": "nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64 (nodejs:10) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10"
},
"product_reference": "nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64 (nodejs:10) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10"
},
"product_reference": "nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le (nodejs:10) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10"
},
"product_reference": "nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x (nodejs:10) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10"
},
"product_reference": "nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64 (nodejs:10) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10"
},
"product_reference": "nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64 (nodejs:10) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10"
},
"product_reference": "nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le (nodejs:10) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10"
},
"product_reference": "nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x (nodejs:10) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10"
},
"product_reference": "nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64 (nodejs:10) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10"
},
"product_reference": "nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.noarch (nodejs:10) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-docs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.noarch::nodejs:10"
},
"product_reference": "nodejs-docs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.noarch::nodejs:10",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64 (nodejs:10) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10"
},
"product_reference": "nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le (nodejs:10) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10"
},
"product_reference": "nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x (nodejs:10) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10"
},
"product_reference": "nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64 (nodejs:10) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10"
},
"product_reference": "nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch (nodejs:10) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch::nodejs:10"
},
"product_reference": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch::nodejs:10",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src (nodejs:10) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src::nodejs:10"
},
"product_reference": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src::nodejs:10",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch (nodejs:10) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch::nodejs:10"
},
"product_reference": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch::nodejs:10",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src (nodejs:10) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src::nodejs:10"
},
"product_reference": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src::nodejs:10",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.aarch64 (nodejs:10) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10"
},
"product_reference": "npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.ppc64le (nodejs:10) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10"
},
"product_reference": "npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.s390x (nodejs:10) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10"
},
"product_reference": "npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.x86_64 (nodejs:10) as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10"
},
"product_reference": "npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-7598",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-03-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1813344"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-minimist, where it could be tricked into adding or modifying properties of the Object.prototype using a \"constructor\" or \"__proto__\" payload. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Quay only includes minimist as a dependency of the test suites, and does not include it in the product. We may fix this issue in a future Red Hat Quay release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.src::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-docs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.noarch::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src::nodejs:10",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-7598"
},
{
"category": "external",
"summary": "RHBZ#1813344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1813344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-7598",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7598"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7598",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7598"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-MINIMIST-559764",
"url": "https://snyk.io/vuln/SNYK-JS-MINIMIST-559764"
}
],
"release_date": "2020-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-07T09:17:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.src::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-docs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.noarch::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src::nodejs:10",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2849"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.src::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-docs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.noarch::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src::nodejs:10",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload"
},
{
"cve": "CVE-2020-8174",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2020-06-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1845256"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs. Calling napi_get_value_string_latin1(), napi_get_value_string_utf8(), or napi_get_value_string_utf16() with a non-NULL buf, and a bufsize of 0 will cause the entire string value to be written to buf, probably overrunning the length of the buffer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: memory corruption in napi_get_value_string_* functions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NodeJS is a build time dependency of Red Hat Quay and is not used at runtime. Therefore this issue will not be fixed in Quay 3.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.src::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-docs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.noarch::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src::nodejs:10",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8174"
},
{
"category": "external",
"summary": "RHBZ#1845256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845256"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8174",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8174"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8174",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8174"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/784186",
"url": "https://hackerone.com/reports/784186"
}
],
"release_date": "2020-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-07T09:17:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.src::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-docs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.noarch::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src::nodejs:10",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2849"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.src::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-docs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.noarch::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src::nodejs:10",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: memory corruption in napi_get_value_string_* functions"
},
{
"acknowledgments": [
{
"names": [
"the Envoy security team"
]
}
],
"cve": "CVE-2020-11080",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2020-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1844929"
}
],
"notes": [
{
"category": "description",
"text": "A resource consumption vulnerability was found in nghttp2. This flaw allows an attacker to repeatedly construct an overly large HTTP/2 SETTINGS frame with a length of 14,400 bytes that causes excessive CPU usage, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nghttp2: overly large SETTINGS frames can lead to DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.src::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-docs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.noarch::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src::nodejs:10",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11080"
},
{
"category": "external",
"summary": "RHBZ#1844929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1844929"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11080",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11080"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11080",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11080"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr",
"url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr"
}
],
"release_date": "2020-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-07T09:17:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.src::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-docs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.noarch::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src::nodejs:10",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2849"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.src::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-docs-1:10.21.0-3.module+el8.1.0+7070+fe09e702.noarch::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch::nodejs:10",
"AppStream-8.1.0.Z.EUS:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src::nodejs:10",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.aarch64::nodejs:10",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.ppc64le::nodejs:10",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.s390x::nodejs:10",
"AppStream-8.1.0.Z.EUS:npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702.x86_64::nodejs:10"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nghttp2: overly large SETTINGS frames can lead to DoS"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.