Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-15606
Vulnerability from cvelistv5
Published
2020-02-07 14:58
Modified
2024-08-05 00:49
Severity ?
EPSS score ?
Summary
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | https://github.com/nodejs/node |
Version: 10.19.0, 12.15.0, 13.8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:49:13.841Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2020:0573", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2020:0573" }, { "name": "RHSA-2020:0579", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2020:0579" }, { "name": "RHSA-2020:0597", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2020:0597" }, { "name": "RHSA-2020:0598", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2020:0598" }, { "name": "RHSA-2020:0602", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2020:0602" }, { "name": "openSUSE-SU-2020:0293", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html" }, { "name": "GLSA-202003-48", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202003-48" }, { "name": "DSA-4669", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4669" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://nodejs.org/en/blog/release/v13.8.0/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://nodejs.org/en/blog/release/v10.19.0/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://nodejs.org/en/blog/release/v12.15.0/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200221-0004/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://hackerone.com/reports/730779" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "https://github.com/nodejs/node", "vendor": "n/a", "versions": [ { "status": "affected", "version": "10.19.0, 12.15.0, 13.8.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "Improper Input Validation (CWE-20)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-20T22:53:36", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "name": "RHSA-2020:0573", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2020:0573" }, { "name": "RHSA-2020:0579", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2020:0579" }, { "name": "RHSA-2020:0597", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2020:0597" }, { "name": "RHSA-2020:0598", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2020:0598" }, { "name": "RHSA-2020:0602", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2020:0602" }, { "name": "openSUSE-SU-2020:0293", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html" }, { "name": "GLSA-202003-48", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202003-48" }, { "name": "DSA-4669", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4669" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://nodejs.org/en/blog/release/v13.8.0/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://nodejs.org/en/blog/release/v10.19.0/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://nodejs.org/en/blog/release/v12.15.0/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20200221-0004/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://hackerone.com/reports/730779" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "support@hackerone.com", "ID": "CVE-2019-15606", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "https://github.com/nodejs/node", "version": { "version_data": [ { "version_value": "10.19.0, 12.15.0, 13.8.0" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Improper Input Validation (CWE-20)" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2020:0573", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0573" }, { "name": "RHSA-2020:0579", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0579" }, { "name": "RHSA-2020:0597", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0597" }, { "name": "RHSA-2020:0598", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0598" }, { "name": "RHSA-2020:0602", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0602" }, { "name": "openSUSE-SU-2020:0293", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html" }, { "name": "GLSA-202003-48", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-48" }, { "name": "DSA-4669", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4669" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "name": "https://nodejs.org/en/blog/release/v13.8.0/", "refsource": "CONFIRM", "url": "https://nodejs.org/en/blog/release/v13.8.0/" }, { "name": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/", "refsource": "CONFIRM", "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/" }, { "name": "https://nodejs.org/en/blog/release/v10.19.0/", "refsource": "CONFIRM", "url": "https://nodejs.org/en/blog/release/v10.19.0/" }, { "name": "https://nodejs.org/en/blog/release/v12.15.0/", "refsource": "CONFIRM", "url": "https://nodejs.org/en/blog/release/v12.15.0/" }, { "name": "https://security.netapp.com/advisory/ntap-20200221-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200221-0004/" }, { "name": "https://hackerone.com/reports/730779", "refsource": "MISC", "url": "https://hackerone.com/reports/730779" } ] } } } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2019-15606", "datePublished": "2020-02-07T14:58:08", "dateReserved": "2019-08-26T00:00:00", "dateUpdated": "2024-08-05T00:49:13.841Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2019-15606\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2020-02-07T15:15:11.413\",\"lastModified\":\"2024-11-21T04:29:07.063\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons\"},{\"lang\":\"es\",\"value\":\"Una inclusi\u00f3n de espacios en blanco finales en los valores de encabezado HTTP en Nodejs versiones 10, 12 y 13, causa una omisi\u00f3n de autorizaci\u00f3n seg\u00fan las comparaciones de valores de encabezado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.19.0\",\"matchCriteriaId\":\"E92EC0A2-0C04-4226-8905-5F580DF41F82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndExcluding\":\"12.15.0\",\"matchCriteriaId\":\"BA72B481-FA0B-473E-8E23-F0FC3D4C57F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndExcluding\":\"13.8.0\",\"matchCriteriaId\":\"D5B70848-F6C3-4131-8A91-6BA3379ED646\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E47FBC8E-1C21-4448-8C59-4D48F08B151B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:19.3.1:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"52D0A602-6044-4D93-9E67-4B24BE3BAD0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:20.0.0:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"ED734878-EBEA-418E-88A0-0C30AAB477E2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92BC9265-6959-4D37-BE5E-8C45E98992F8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html\",\"source\":\"support@hackerone.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0573\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0579\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0597\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0598\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0602\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://hackerone.com/reports/730779\",\"source\":\"support@hackerone.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://nodejs.org/en/blog/release/v10.19.0/\",\"source\":\"support@hackerone.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://nodejs.org/en/blog/release/v12.15.0/\",\"source\":\"support@hackerone.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://nodejs.org/en/blog/release/v13.8.0/\",\"source\":\"support@hackerone.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/\",\"source\":\"support@hackerone.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202003-48\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20200221-0004/\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4669\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0573\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0579\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0597\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0598\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0602\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://hackerone.com/reports/730779\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://nodejs.org/en/blog/release/v10.19.0/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://nodejs.org/en/blog/release/v12.15.0/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://nodejs.org/en/blog/release/v13.8.0/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202003-48\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20200221-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4669\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
fkie_cve-2019-15606
Vulnerability from fkie_nvd
Published
2020-02-07 15:15
Modified
2024-11-21 04:29
Severity ?
Summary
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nodejs | node.js | * | |
nodejs | node.js | * | |
nodejs | node.js | * | |
oracle | communications_cloud_native_core_network_function_cloud_native_environment | 1.4.0 | |
oracle | graalvm | 19.3.1 | |
oracle | graalvm | 20.0.0 | |
debian | debian_linux | 10.0 | |
redhat | enterprise_linux | 8.0 | |
redhat | enterprise_linux_eus | 8.1 | |
opensuse | leap | 15.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "matchCriteriaId": "E92EC0A2-0C04-4226-8905-5F580DF41F82", "versionEndExcluding": "10.19.0", "versionStartIncluding": "10.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "matchCriteriaId": "BA72B481-FA0B-473E-8E23-F0FC3D4C57F0", "versionEndExcluding": "12.15.0", "versionStartIncluding": "12.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "matchCriteriaId": "D5B70848-F6C3-4131-8A91-6BA3379ED646", "versionEndExcluding": "13.8.0", "versionStartIncluding": "13.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E47FBC8E-1C21-4448-8C59-4D48F08B151B", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:graalvm:19.3.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "52D0A602-6044-4D93-9E67-4B24BE3BAD0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:graalvm:20.0.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "ED734878-EBEA-418E-88A0-0C30AAB477E2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons" }, { "lang": "es", "value": "Una inclusi\u00f3n de espacios en blanco finales en los valores de encabezado HTTP en Nodejs versiones 10, 12 y 13, causa una omisi\u00f3n de autorizaci\u00f3n seg\u00fan las comparaciones de valores de encabezado." } ], "id": "CVE-2019-15606", "lastModified": "2024-11-21T04:29:07.063", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-02-07T15:15:11.413", "references": [ { "source": "support@hackerone.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2020:0573" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2020:0579" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2020:0597" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2020:0598" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2020:0602" }, { "source": "support@hackerone.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://hackerone.com/reports/730779" }, { "source": "support@hackerone.com", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://nodejs.org/en/blog/release/v10.19.0/" }, { "source": "support@hackerone.com", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://nodejs.org/en/blog/release/v12.15.0/" }, { "source": "support@hackerone.com", "tags": [ "Vendor Advisory" ], "url": "https://nodejs.org/en/blog/release/v13.8.0/" }, { "source": "support@hackerone.com", "tags": [ "Vendor Advisory" ], "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202003-48" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200221-0004/" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4669" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2020:0573" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2020:0579" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2020:0597" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2020:0598" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2020:0602" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://hackerone.com/reports/730779" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://nodejs.org/en/blog/release/v10.19.0/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://nodejs.org/en/blog/release/v12.15.0/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nodejs.org/en/blog/release/v13.8.0/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202003-48" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200221-0004/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4669" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" } ], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "support@hackerone.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
rhsa-2020_0597
Vulnerability from csaf_redhat
Published
2020-02-25 13:07
Modified
2024-11-15 04:15
Summary
Red Hat Security Advisory: rh-nodejs10-nodejs security update
Notes
Topic
An update for rh-nodejs10-nodejs is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: rh-nodejs10-nodejs (10.19.0).
Security Fix(es):
* nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605)
* nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string (CVE-2019-15604)
* nodejs: HTTP header values do not have trailing optional whitespace trimmed (CVE-2019-15606)
* npm: Symlink reference outside of node_modules folder through the bin field upon installation (CVE-2019-16775)
* npm: Arbitrary file write via constructed entry in the package.json bin field (CVE-2019-16776)
* npm: Global node_modules Binary Overwrite (CVE-2019-16777)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for rh-nodejs10-nodejs is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.\n\nThe following packages have been upgraded to a later upstream version: rh-nodejs10-nodejs (10.19.0).\n\nSecurity Fix(es):\n\n* nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605)\n\n* nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string (CVE-2019-15604)\n\n* nodejs: HTTP header values do not have trailing optional whitespace trimmed (CVE-2019-15606)\n\n* npm: Symlink reference outside of node_modules folder through the bin field upon installation (CVE-2019-16775)\n\n* npm: Arbitrary file write via constructed entry in the package.json bin field (CVE-2019-16776)\n\n* npm: Global node_modules Binary Overwrite (CVE-2019-16777)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:0597", "url": "https://access.redhat.com/errata/RHSA-2020:0597" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1788301", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788301" }, { "category": "external", "summary": "1788305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788305" }, { "category": "external", "summary": "1788310", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788310" }, { "category": "external", "summary": "1800364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800364" }, { "category": "external", "summary": "1800366", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800366" }, { "category": "external", "summary": "1800367", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800367" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0597.json" } ], "title": "Red Hat Security Advisory: rh-nodejs10-nodejs security update", "tracking": { "current_release_date": "2024-11-15T04:15:45+00:00", "generator": { "date": "2024-11-15T04:15:45+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2020:0597", "initial_release_date": "2020-02-25T13:07:32+00:00", "revision_history": [ { "date": "2020-02-25T13:07:32+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-02-25T13:07:32+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T04:15:45+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } } ], "category": "product_family", "name": "Red Hat Software Collections" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "product": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "product_id": "rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs10-nodejs@10.19.0-1.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "product": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "product_id": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs10-nodejs-devel@10.19.0-1.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "product": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "product_id": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs10-npm@6.13.4-10.19.0.1.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "product": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "product_id": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs10-nodejs-debuginfo@10.19.0-1.el7?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "product": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "product_id": "rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs10-nodejs@10.19.0-1.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "product": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "product_id": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs10-nodejs-devel@10.19.0-1.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "product": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "product_id": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs10-npm@6.13.4-10.19.0.1.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "product": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "product_id": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs10-nodejs-debuginfo@10.19.0-1.el7?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "product": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "product_id": "rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs10-nodejs@10.19.0-1.el7?arch=aarch64" } } }, { "category": "product_version", "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "product": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "product_id": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs10-nodejs-devel@10.19.0-1.el7?arch=aarch64" } } }, { "category": "product_version", "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "product": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "product_id": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs10-npm@6.13.4-10.19.0.1.el7?arch=aarch64" } } }, { "category": "product_version", "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "product": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "product_id": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs10-nodejs-debuginfo@10.19.0-1.el7?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "product": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "product_id": "rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs10-nodejs@10.19.0-1.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "product": { "name": "rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "product_id": "rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs10-nodejs-docs@10.19.0-1.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "product": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "product_id": "rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs10-nodejs@10.19.0-1.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "product": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "product_id": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs10-nodejs-devel@10.19.0-1.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "product": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "product_id": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs10-npm@6.13.4-10.19.0.1.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "product": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "product_id": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs10-nodejs-debuginfo@10.19.0-1.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch" }, "product_reference": "rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch" }, "product_reference": "rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch" }, "product_reference": "rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch" }, "product_reference": "rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch" }, "product_reference": "rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch" }, "product_reference": "rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-15604", "cwe": { "id": "CWE-172", "name": "Encoding Error" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800367" } ], "notes": [ { "category": "description", "text": "An encoding error flaw exists in the Node.js code that is used to read a peer certificate in the TLS client authentication. An attacker can use this flaw to crash the process used to handle TLS client authentication.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-15604" }, { "category": "external", "summary": "RHBZ#1800367", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800367" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-15604", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15604" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15604", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15604" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/" } ], "release_date": "2020-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T13:07:32+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0597" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string" }, { "cve": "CVE-2019-15605", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800364" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Node.js code where a specially crafted HTTP(s) request sent to a Node.js server failed to properly process the HTTP(s) headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.js server is deployed behind a proxy server that reuses connections.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: HTTP request smuggling using malformed Transfer-Encoding header", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-15605" }, { "category": "external", "summary": "RHBZ#1800364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800364" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-15605", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15605" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15605", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15605" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/" } ], "release_date": "2020-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T13:07:32+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0597" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", "version": "3.1" }, "products": [ "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "nodejs: HTTP request smuggling using malformed Transfer-Encoding header" }, { "cve": "CVE-2019-15606", "cwe": { "id": "CWE-138", "name": "Improper Neutralization of Special Elements" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800366" } ], "notes": [ { "category": "description", "text": "A flaw was found in Node.js where the HTTP(s) header values were not stripped of trailing whitespace. An attacker can use this flaw to send an HTTP(s) request which is validated by an upstream proxy server, but not by the Node.js HTTP(s) server.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: HTTP header values do not have trailing optional whitespace trimmed", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-15606" }, { "category": "external", "summary": "RHBZ#1800366", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800366" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-15606", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15606" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15606", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15606" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/" } ], "release_date": "2020-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T13:07:32+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0597" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: HTTP header values do not have trailing optional whitespace trimmed" }, { "cve": "CVE-2019-16775", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-12-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1788305" } ], "notes": [ { "category": "description", "text": "Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user\u0027s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.", "title": "Vulnerability description" }, { "category": "summary", "text": "npm: Symlink reference outside of node_modules folder through the bin field upon installation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16775" }, { "category": "external", "summary": "RHBZ#1788305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788305" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16775", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16775" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16775", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16775" } ], "release_date": "2019-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T13:07:32+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0597" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "npm: Symlink reference outside of node_modules folder through the bin field upon installation" }, { "cve": "CVE-2019-16776", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-12-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1788310" } ], "notes": [ { "category": "description", "text": "Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user\u0027s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.", "title": "Vulnerability description" }, { "category": "summary", "text": "npm: Arbitrary file write via constructed entry in the package.json bin field", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16776" }, { "category": "external", "summary": "RHBZ#1788310", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788310" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16776", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16776" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16776", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16776" } ], "release_date": "2019-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T13:07:32+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0597" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "npm: Arbitrary file write via constructed entry in the package.json bin field" }, { "cve": "CVE-2019-16777", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-12-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1788301" } ], "notes": [ { "category": "description", "text": "Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.", "title": "Vulnerability description" }, { "category": "summary", "text": "npm: Global node_modules Binary Overwrite", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16777" }, { "category": "external", "summary": "RHBZ#1788301", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788301" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16777", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16777" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16777", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16777" } ], "release_date": "2019-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T13:07:32+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0597" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "npm: Global node_modules Binary Overwrite" } ] }
rhsa-2020:0602
Vulnerability from csaf_redhat
Published
2020-02-25 15:56
Modified
2024-11-15 04:15
Summary
Red Hat Security Advisory: rh-nodejs12-nodejs security update
Notes
Topic
An update for rh-nodejs12-nodejs is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: rh-nodejs12-nodejs (12.16.1).
Security Fix(es):
* nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605)
* nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string (CVE-2019-15604)
* nodejs: HTTP header values do not have trailing optional whitespace trimmed (CVE-2019-15606)
* npm: Symlink reference outside of node_modules folder through the bin field upon installation (CVE-2019-16775)
* npm: Arbitrary file write via constructed entry in the package.json bin field (CVE-2019-16776)
* npm: Global node_modules Binary Overwrite (CVE-2019-16777)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for rh-nodejs12-nodejs is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.\n\nThe following packages have been upgraded to a later upstream version: rh-nodejs12-nodejs (12.16.1).\n\nSecurity Fix(es):\n\n* nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605)\n\n* nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string (CVE-2019-15604)\n\n* nodejs: HTTP header values do not have trailing optional whitespace trimmed (CVE-2019-15606)\n\n* npm: Symlink reference outside of node_modules folder through the bin field upon installation (CVE-2019-16775)\n\n* npm: Arbitrary file write via constructed entry in the package.json bin field (CVE-2019-16776)\n\n* npm: Global node_modules Binary Overwrite (CVE-2019-16777)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:0602", "url": "https://access.redhat.com/errata/RHSA-2020:0602" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1788301", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788301" }, { "category": "external", "summary": "1788305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788305" }, { "category": "external", "summary": "1788310", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788310" }, { "category": "external", "summary": "1800364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800364" }, { "category": "external", "summary": "1800366", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800366" }, { "category": "external", "summary": "1800367", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800367" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0602.json" } ], "title": "Red Hat Security Advisory: rh-nodejs12-nodejs security update", "tracking": { "current_release_date": "2024-11-15T04:15:53+00:00", "generator": { "date": "2024-11-15T04:15:53+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2020:0602", "initial_release_date": "2020-02-25T15:56:27+00:00", "revision_history": [ { "date": "2020-02-25T15:56:27+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-02-25T15:56:27+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T04:15:53+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } } ], "category": "product_family", "name": "Red Hat Software Collections" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "product": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "product_id": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs@12.16.1-1.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "product": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "product_id": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs-devel@12.16.1-1.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "product": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "product_id": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-npm@6.13.4-12.16.1.1.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "product": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "product_id": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs-debuginfo@12.16.1-1.el7?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "product": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "product_id": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs@12.16.1-1.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "product": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "product_id": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs-devel@12.16.1-1.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "product": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "product_id": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-npm@6.13.4-12.16.1.1.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "product": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "product_id": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs-debuginfo@12.16.1-1.el7?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "product": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "product_id": "rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs@12.16.1-1.el7?arch=aarch64" } } }, { "category": "product_version", "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "product": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "product_id": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs-devel@12.16.1-1.el7?arch=aarch64" } } }, { "category": "product_version", "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "product": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "product_id": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-npm@6.13.4-12.16.1.1.el7?arch=aarch64" } } }, { "category": "product_version", "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "product": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "product_id": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs-debuginfo@12.16.1-1.el7?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "product": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "product_id": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs@12.16.1-1.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "product": { "name": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "product_id": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs-docs@12.16.1-1.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "product": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "product_id": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs@12.16.1-1.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "product": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "product_id": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs-devel@12.16.1-1.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "product": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "product_id": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-npm@6.13.4-12.16.1.1.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "product": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "product_id": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs-debuginfo@12.16.1-1.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch" }, "product_reference": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch" }, "product_reference": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch" }, "product_reference": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch" }, "product_reference": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch" }, "product_reference": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch" }, "product_reference": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-15604", "cwe": { "id": "CWE-172", "name": "Encoding Error" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800367" } ], "notes": [ { "category": "description", "text": "An encoding error flaw exists in the Node.js code that is used to read a peer certificate in the TLS client authentication. An attacker can use this flaw to crash the process used to handle TLS client authentication.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-15604" }, { "category": "external", "summary": "RHBZ#1800367", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800367" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-15604", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15604" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15604", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15604" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/" } ], "release_date": "2020-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T15:56:27+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0602" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string" }, { "cve": "CVE-2019-15605", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800364" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Node.js code where a specially crafted HTTP(s) request sent to a Node.js server failed to properly process the HTTP(s) headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.js server is deployed behind a proxy server that reuses connections.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: HTTP request smuggling using malformed Transfer-Encoding header", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-15605" }, { "category": "external", "summary": "RHBZ#1800364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800364" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-15605", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15605" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15605", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15605" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/" } ], "release_date": "2020-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T15:56:27+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0602" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", "version": "3.1" }, "products": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "nodejs: HTTP request smuggling using malformed Transfer-Encoding header" }, { "cve": "CVE-2019-15606", "cwe": { "id": "CWE-138", "name": "Improper Neutralization of Special Elements" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800366" } ], "notes": [ { "category": "description", "text": "A flaw was found in Node.js where the HTTP(s) header values were not stripped of trailing whitespace. An attacker can use this flaw to send an HTTP(s) request which is validated by an upstream proxy server, but not by the Node.js HTTP(s) server.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: HTTP header values do not have trailing optional whitespace trimmed", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-15606" }, { "category": "external", "summary": "RHBZ#1800366", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800366" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-15606", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15606" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15606", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15606" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/" } ], "release_date": "2020-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T15:56:27+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0602" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: HTTP header values do not have trailing optional whitespace trimmed" }, { "cve": "CVE-2019-16775", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-12-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1788305" } ], "notes": [ { "category": "description", "text": "Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user\u0027s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.", "title": "Vulnerability description" }, { "category": "summary", "text": "npm: Symlink reference outside of node_modules folder through the bin field upon installation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16775" }, { "category": "external", "summary": "RHBZ#1788305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788305" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16775", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16775" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16775", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16775" } ], "release_date": "2019-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T15:56:27+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0602" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "npm: Symlink reference outside of node_modules folder through the bin field upon installation" }, { "cve": "CVE-2019-16776", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-12-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1788310" } ], "notes": [ { "category": "description", "text": "Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user\u0027s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.", "title": "Vulnerability description" }, { "category": "summary", "text": "npm: Arbitrary file write via constructed entry in the package.json bin field", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16776" }, { "category": "external", "summary": "RHBZ#1788310", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788310" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16776", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16776" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16776", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16776" } ], "release_date": "2019-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T15:56:27+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0602" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "npm: Arbitrary file write via constructed entry in the package.json bin field" }, { "cve": "CVE-2019-16777", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-12-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1788301" } ], "notes": [ { "category": "description", "text": "Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.", "title": "Vulnerability description" }, { "category": "summary", "text": "npm: Global node_modules Binary Overwrite", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16777" }, { "category": "external", "summary": "RHBZ#1788301", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788301" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16777", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16777" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16777", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16777" } ], "release_date": "2019-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T15:56:27+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0602" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "npm: Global node_modules Binary Overwrite" } ] }
rhsa-2020_0602
Vulnerability from csaf_redhat
Published
2020-02-25 15:56
Modified
2024-11-15 04:15
Summary
Red Hat Security Advisory: rh-nodejs12-nodejs security update
Notes
Topic
An update for rh-nodejs12-nodejs is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: rh-nodejs12-nodejs (12.16.1).
Security Fix(es):
* nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605)
* nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string (CVE-2019-15604)
* nodejs: HTTP header values do not have trailing optional whitespace trimmed (CVE-2019-15606)
* npm: Symlink reference outside of node_modules folder through the bin field upon installation (CVE-2019-16775)
* npm: Arbitrary file write via constructed entry in the package.json bin field (CVE-2019-16776)
* npm: Global node_modules Binary Overwrite (CVE-2019-16777)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for rh-nodejs12-nodejs is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.\n\nThe following packages have been upgraded to a later upstream version: rh-nodejs12-nodejs (12.16.1).\n\nSecurity Fix(es):\n\n* nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605)\n\n* nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string (CVE-2019-15604)\n\n* nodejs: HTTP header values do not have trailing optional whitespace trimmed (CVE-2019-15606)\n\n* npm: Symlink reference outside of node_modules folder through the bin field upon installation (CVE-2019-16775)\n\n* npm: Arbitrary file write via constructed entry in the package.json bin field (CVE-2019-16776)\n\n* npm: Global node_modules Binary Overwrite (CVE-2019-16777)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:0602", "url": "https://access.redhat.com/errata/RHSA-2020:0602" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1788301", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788301" }, { "category": "external", "summary": "1788305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788305" }, { "category": "external", "summary": "1788310", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788310" }, { "category": "external", "summary": "1800364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800364" }, { "category": "external", "summary": "1800366", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800366" }, { "category": "external", "summary": "1800367", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800367" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0602.json" } ], "title": "Red Hat Security Advisory: rh-nodejs12-nodejs security update", "tracking": { "current_release_date": "2024-11-15T04:15:53+00:00", "generator": { "date": "2024-11-15T04:15:53+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2020:0602", "initial_release_date": "2020-02-25T15:56:27+00:00", "revision_history": [ { "date": "2020-02-25T15:56:27+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-02-25T15:56:27+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T04:15:53+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } } ], "category": "product_family", "name": "Red Hat Software Collections" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "product": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "product_id": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs@12.16.1-1.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "product": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "product_id": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs-devel@12.16.1-1.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "product": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "product_id": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-npm@6.13.4-12.16.1.1.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "product": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "product_id": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs-debuginfo@12.16.1-1.el7?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "product": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "product_id": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs@12.16.1-1.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "product": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "product_id": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs-devel@12.16.1-1.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "product": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "product_id": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-npm@6.13.4-12.16.1.1.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "product": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "product_id": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs-debuginfo@12.16.1-1.el7?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "product": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "product_id": "rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs@12.16.1-1.el7?arch=aarch64" } } }, { "category": "product_version", "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "product": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "product_id": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs-devel@12.16.1-1.el7?arch=aarch64" } } }, { "category": "product_version", "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "product": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "product_id": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-npm@6.13.4-12.16.1.1.el7?arch=aarch64" } } }, { "category": "product_version", "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "product": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "product_id": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs-debuginfo@12.16.1-1.el7?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "product": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "product_id": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs@12.16.1-1.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "product": { "name": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "product_id": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs-docs@12.16.1-1.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "product": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "product_id": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs@12.16.1-1.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "product": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "product_id": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs-devel@12.16.1-1.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "product": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "product_id": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-npm@6.13.4-12.16.1.1.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "product": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "product_id": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs-debuginfo@12.16.1-1.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch" }, "product_reference": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch" }, "product_reference": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch" }, "product_reference": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch" }, "product_reference": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch" }, "product_reference": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch" }, "product_reference": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-15604", "cwe": { "id": "CWE-172", "name": "Encoding Error" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800367" } ], "notes": [ { "category": "description", "text": "An encoding error flaw exists in the Node.js code that is used to read a peer certificate in the TLS client authentication. An attacker can use this flaw to crash the process used to handle TLS client authentication.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-15604" }, { "category": "external", "summary": "RHBZ#1800367", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800367" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-15604", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15604" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15604", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15604" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/" } ], "release_date": "2020-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T15:56:27+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0602" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string" }, { "cve": "CVE-2019-15605", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800364" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Node.js code where a specially crafted HTTP(s) request sent to a Node.js server failed to properly process the HTTP(s) headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.js server is deployed behind a proxy server that reuses connections.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: HTTP request smuggling using malformed Transfer-Encoding header", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-15605" }, { "category": "external", "summary": "RHBZ#1800364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800364" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-15605", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15605" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15605", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15605" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/" } ], "release_date": "2020-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T15:56:27+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0602" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", "version": "3.1" }, "products": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "nodejs: HTTP request smuggling using malformed Transfer-Encoding header" }, { "cve": "CVE-2019-15606", "cwe": { "id": "CWE-138", "name": "Improper Neutralization of Special Elements" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800366" } ], "notes": [ { "category": "description", "text": "A flaw was found in Node.js where the HTTP(s) header values were not stripped of trailing whitespace. An attacker can use this flaw to send an HTTP(s) request which is validated by an upstream proxy server, but not by the Node.js HTTP(s) server.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: HTTP header values do not have trailing optional whitespace trimmed", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-15606" }, { "category": "external", "summary": "RHBZ#1800366", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800366" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-15606", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15606" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15606", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15606" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/" } ], "release_date": "2020-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T15:56:27+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0602" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: HTTP header values do not have trailing optional whitespace trimmed" }, { "cve": "CVE-2019-16775", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-12-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1788305" } ], "notes": [ { "category": "description", "text": "Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user\u0027s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.", "title": "Vulnerability description" }, { "category": "summary", "text": "npm: Symlink reference outside of node_modules folder through the bin field upon installation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16775" }, { "category": "external", "summary": "RHBZ#1788305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788305" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16775", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16775" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16775", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16775" } ], "release_date": "2019-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T15:56:27+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0602" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "npm: Symlink reference outside of node_modules folder through the bin field upon installation" }, { "cve": "CVE-2019-16776", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-12-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1788310" } ], "notes": [ { "category": "description", "text": "Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user\u0027s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.", "title": "Vulnerability description" }, { "category": "summary", "text": "npm: Arbitrary file write via constructed entry in the package.json bin field", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16776" }, { "category": "external", "summary": "RHBZ#1788310", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788310" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16776", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16776" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16776", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16776" } ], "release_date": "2019-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T15:56:27+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0602" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "npm: Arbitrary file write via constructed entry in the package.json bin field" }, { "cve": "CVE-2019-16777", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-12-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1788301" } ], "notes": [ { "category": "description", "text": "Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.", "title": "Vulnerability description" }, { "category": "summary", "text": "npm: Global node_modules Binary Overwrite", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16777" }, { "category": "external", "summary": "RHBZ#1788301", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788301" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16777", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16777" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16777", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16777" } ], "release_date": "2019-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T15:56:27+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0602" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "npm: Global node_modules Binary Overwrite" } ] }
rhsa-2020:0598
Vulnerability from csaf_redhat
Published
2020-02-25 13:42
Modified
2024-11-13 22:11
Summary
Red Hat Security Advisory: nodejs:12 security update
Notes
Topic
An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: nodejs (12.16.1).
Security Fix(es):
* nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605)
* nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string (CVE-2019-15604)
* nodejs: HTTP header values do not have trailing optional whitespace trimmed (CVE-2019-15606)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.\n\nThe following packages have been upgraded to a later upstream version: nodejs (12.16.1).\n\nSecurity Fix(es):\n\n* nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605)\n\n* nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string (CVE-2019-15604)\n\n* nodejs: HTTP header values do not have trailing optional whitespace trimmed (CVE-2019-15606)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:0598", "url": "https://access.redhat.com/errata/RHSA-2020:0598" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1800364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800364" }, { "category": "external", "summary": "1800366", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800366" }, { "category": "external", "summary": "1800367", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800367" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0598.json" } ], "title": "Red Hat Security Advisory: nodejs:12 security update", "tracking": { "current_release_date": "2024-11-13T22:11:54+00:00", "generator": { "date": "2024-11-13T22:11:54+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2020:0598", "initial_release_date": "2020-02-25T13:42:28+00:00", "revision_history": [ { "date": "2020-02-25T13:42:28+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-02-25T13:42:28+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-13T22:11:54+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "nodejs:12:8010020200220143053:c27ad7f8", "product": { "name": "nodejs:12:8010020200220143053:c27ad7f8", "product_id": "nodejs:12:8010020200220143053:c27ad7f8", "product_identification_helper": { "purl": "pkg:rpmmod/redhat/nodejs@12:8010020200220143053:c27ad7f8" } } }, { "category": "product_version", "name": "nodejs-docs-1:12.16.1-1.module+el8.1.0+5811+44509afe.noarch", "product": { "name": "nodejs-docs-1:12.16.1-1.module+el8.1.0+5811+44509afe.noarch", "product_id": "nodejs-docs-1:12.16.1-1.module+el8.1.0+5811+44509afe.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-docs@12.16.1-1.module%2Bel8.1.0%2B5811%2B44509afe?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch", "product": { "name": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch", "product_id": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@1.18.3-1.module%2Bel8.1.0%2B3369%2B37ae6a45?arch=noarch" } } }, { "category": "product_version", "name": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch", "product": { "name": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch", "product_id": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@17-3.module%2Bel8.1.0%2B3369%2B37ae6a45?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "product": { "name": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "product_id": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@12.16.1-1.module%2Bel8.1.0%2B5811%2B44509afe?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "product": { "name": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "product_id": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@12.16.1-1.module%2Bel8.1.0%2B5811%2B44509afe?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "product": { "name": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "product_id": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@12.16.1-1.module%2Bel8.1.0%2B5811%2B44509afe?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "product": { "name": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "product_id": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@12.16.1-1.module%2Bel8.1.0%2B5811%2B44509afe?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.aarch64", "product": { "name": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.aarch64", "product_id": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.13.4-1.12.16.1.1.module%2Bel8.1.0%2B5811%2B44509afe?arch=aarch64\u0026epoch=1" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.src", "product": { "name": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.src", "product_id": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@12.16.1-1.module%2Bel8.1.0%2B5811%2B44509afe?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src", "product": { "name": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src", "product_id": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@1.18.3-1.module%2Bel8.1.0%2B3369%2B37ae6a45?arch=src" } } }, { "category": "product_version", "name": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src", "product": { "name": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src", "product_id": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@17-3.module%2Bel8.1.0%2B3369%2B37ae6a45?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "product": { "name": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "product_id": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@12.16.1-1.module%2Bel8.1.0%2B5811%2B44509afe?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "product": { "name": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "product_id": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@12.16.1-1.module%2Bel8.1.0%2B5811%2B44509afe?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "product": { "name": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "product_id": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@12.16.1-1.module%2Bel8.1.0%2B5811%2B44509afe?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "product": { "name": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "product_id": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@12.16.1-1.module%2Bel8.1.0%2B5811%2B44509afe?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.ppc64le", "product": { "name": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.ppc64le", "product_id": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.13.4-1.12.16.1.1.module%2Bel8.1.0%2B5811%2B44509afe?arch=ppc64le\u0026epoch=1" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "product": { "name": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "product_id": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@12.16.1-1.module%2Bel8.1.0%2B5811%2B44509afe?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "product": { "name": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "product_id": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@12.16.1-1.module%2Bel8.1.0%2B5811%2B44509afe?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "product": { "name": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "product_id": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@12.16.1-1.module%2Bel8.1.0%2B5811%2B44509afe?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "product": { "name": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "product_id": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@12.16.1-1.module%2Bel8.1.0%2B5811%2B44509afe?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.s390x", "product": { "name": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.s390x", "product_id": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.13.4-1.12.16.1.1.module%2Bel8.1.0%2B5811%2B44509afe?arch=s390x\u0026epoch=1" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "product": { "name": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "product_id": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@12.16.1-1.module%2Bel8.1.0%2B5811%2B44509afe?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "product": { "name": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "product_id": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@12.16.1-1.module%2Bel8.1.0%2B5811%2B44509afe?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "product": { "name": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "product_id": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@12.16.1-1.module%2Bel8.1.0%2B5811%2B44509afe?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "product": { "name": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "product_id": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@12.16.1-1.module%2Bel8.1.0%2B5811%2B44509afe?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.x86_64", "product": { "name": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.x86_64", "product_id": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.13.4-1.12.16.1.1.module%2Bel8.1.0%2B5811%2B44509afe?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, "product_reference": "nodejs:12:8010020200220143053:c27ad7f8", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64 as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64" }, "product_reference": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le" }, "product_reference": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x" }, "product_reference": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.src as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.src" }, "product_reference": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.src", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64 as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64" }, "product_reference": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64 as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64" }, "product_reference": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le" }, "product_reference": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x" }, "product_reference": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64 as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64" }, "product_reference": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64 as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64" }, "product_reference": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le" }, "product_reference": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x" }, "product_reference": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64 as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64" }, "product_reference": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64 as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64" }, "product_reference": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le" }, "product_reference": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x" }, "product_reference": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64 as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64" }, "product_reference": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-docs-1:12.16.1-1.module+el8.1.0+5811+44509afe.noarch as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-docs-1:12.16.1-1.module+el8.1.0+5811+44509afe.noarch" }, "product_reference": "nodejs-docs-1:12.16.1-1.module+el8.1.0+5811+44509afe.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch" }, "product_reference": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src" }, "product_reference": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch" }, "product_reference": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src" }, "product_reference": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.aarch64 as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.aarch64" }, "product_reference": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.aarch64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.ppc64le as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.ppc64le" }, "product_reference": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.ppc64le", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.s390x as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.s390x" }, "product_reference": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.s390x", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.x86_64 as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.x86_64" }, "product_reference": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.x86_64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-15604", "cwe": { "id": "CWE-172", "name": "Encoding Error" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800367" } ], "notes": [ { "category": "description", "text": "An encoding error flaw exists in the Node.js code that is used to read a peer certificate in the TLS client authentication. An attacker can use this flaw to crash the process used to handle TLS client authentication.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-docs-1:12.16.1-1.module+el8.1.0+5811+44509afe.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-15604" }, { "category": "external", "summary": "RHBZ#1800367", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800367" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-15604", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15604" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15604", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15604" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/" } ], "release_date": "2020-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T13:42:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-docs-1:12.16.1-1.module+el8.1.0+5811+44509afe.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0598" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-docs-1:12.16.1-1.module+el8.1.0+5811+44509afe.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string" }, { "cve": "CVE-2019-15605", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800364" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Node.js code where a specially crafted HTTP(s) request sent to a Node.js server failed to properly process the HTTP(s) headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.js server is deployed behind a proxy server that reuses connections.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: HTTP request smuggling using malformed Transfer-Encoding header", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-docs-1:12.16.1-1.module+el8.1.0+5811+44509afe.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-15605" }, { "category": "external", "summary": "RHBZ#1800364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800364" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-15605", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15605" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15605", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15605" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/" } ], "release_date": "2020-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T13:42:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-docs-1:12.16.1-1.module+el8.1.0+5811+44509afe.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0598" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", "version": "3.1" }, "products": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-docs-1:12.16.1-1.module+el8.1.0+5811+44509afe.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "nodejs: HTTP request smuggling using malformed Transfer-Encoding header" }, { "cve": "CVE-2019-15606", "cwe": { "id": "CWE-138", "name": "Improper Neutralization of Special Elements" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800366" } ], "notes": [ { "category": "description", "text": "A flaw was found in Node.js where the HTTP(s) header values were not stripped of trailing whitespace. An attacker can use this flaw to send an HTTP(s) request which is validated by an upstream proxy server, but not by the Node.js HTTP(s) server.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: HTTP header values do not have trailing optional whitespace trimmed", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-docs-1:12.16.1-1.module+el8.1.0+5811+44509afe.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-15606" }, { "category": "external", "summary": "RHBZ#1800366", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800366" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-15606", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15606" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15606", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15606" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/" } ], "release_date": "2020-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T13:42:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-docs-1:12.16.1-1.module+el8.1.0+5811+44509afe.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0598" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-docs-1:12.16.1-1.module+el8.1.0+5811+44509afe.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: HTTP header values do not have trailing optional whitespace trimmed" } ] }
RHSA-2020:0598
Vulnerability from csaf_redhat
Published
2020-02-25 13:42
Modified
2024-11-13 22:11
Summary
Red Hat Security Advisory: nodejs:12 security update
Notes
Topic
An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: nodejs (12.16.1).
Security Fix(es):
* nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605)
* nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string (CVE-2019-15604)
* nodejs: HTTP header values do not have trailing optional whitespace trimmed (CVE-2019-15606)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.\n\nThe following packages have been upgraded to a later upstream version: nodejs (12.16.1).\n\nSecurity Fix(es):\n\n* nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605)\n\n* nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string (CVE-2019-15604)\n\n* nodejs: HTTP header values do not have trailing optional whitespace trimmed (CVE-2019-15606)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:0598", "url": "https://access.redhat.com/errata/RHSA-2020:0598" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1800364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800364" }, { "category": "external", "summary": "1800366", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800366" }, { "category": "external", "summary": "1800367", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800367" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0598.json" } ], "title": "Red Hat Security Advisory: nodejs:12 security update", "tracking": { "current_release_date": "2024-11-13T22:11:54+00:00", "generator": { "date": "2024-11-13T22:11:54+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2020:0598", "initial_release_date": "2020-02-25T13:42:28+00:00", "revision_history": [ { "date": "2020-02-25T13:42:28+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-02-25T13:42:28+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-13T22:11:54+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "nodejs:12:8010020200220143053:c27ad7f8", "product": { "name": "nodejs:12:8010020200220143053:c27ad7f8", "product_id": "nodejs:12:8010020200220143053:c27ad7f8", "product_identification_helper": { "purl": "pkg:rpmmod/redhat/nodejs@12:8010020200220143053:c27ad7f8" } } }, { "category": "product_version", "name": "nodejs-docs-1:12.16.1-1.module+el8.1.0+5811+44509afe.noarch", "product": { "name": "nodejs-docs-1:12.16.1-1.module+el8.1.0+5811+44509afe.noarch", "product_id": "nodejs-docs-1:12.16.1-1.module+el8.1.0+5811+44509afe.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-docs@12.16.1-1.module%2Bel8.1.0%2B5811%2B44509afe?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch", "product": { "name": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch", "product_id": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@1.18.3-1.module%2Bel8.1.0%2B3369%2B37ae6a45?arch=noarch" } } }, { "category": "product_version", "name": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch", "product": { "name": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch", "product_id": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@17-3.module%2Bel8.1.0%2B3369%2B37ae6a45?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "product": { "name": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "product_id": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@12.16.1-1.module%2Bel8.1.0%2B5811%2B44509afe?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "product": { "name": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "product_id": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@12.16.1-1.module%2Bel8.1.0%2B5811%2B44509afe?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "product": { "name": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "product_id": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@12.16.1-1.module%2Bel8.1.0%2B5811%2B44509afe?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "product": { "name": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "product_id": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@12.16.1-1.module%2Bel8.1.0%2B5811%2B44509afe?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.aarch64", "product": { "name": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.aarch64", "product_id": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.13.4-1.12.16.1.1.module%2Bel8.1.0%2B5811%2B44509afe?arch=aarch64\u0026epoch=1" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.src", "product": { "name": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.src", "product_id": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@12.16.1-1.module%2Bel8.1.0%2B5811%2B44509afe?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src", "product": { "name": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src", "product_id": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@1.18.3-1.module%2Bel8.1.0%2B3369%2B37ae6a45?arch=src" } } }, { "category": "product_version", "name": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src", "product": { "name": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src", "product_id": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@17-3.module%2Bel8.1.0%2B3369%2B37ae6a45?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "product": { "name": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "product_id": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@12.16.1-1.module%2Bel8.1.0%2B5811%2B44509afe?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "product": { "name": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "product_id": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@12.16.1-1.module%2Bel8.1.0%2B5811%2B44509afe?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "product": { "name": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "product_id": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@12.16.1-1.module%2Bel8.1.0%2B5811%2B44509afe?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "product": { "name": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "product_id": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@12.16.1-1.module%2Bel8.1.0%2B5811%2B44509afe?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.ppc64le", "product": { "name": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.ppc64le", "product_id": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.13.4-1.12.16.1.1.module%2Bel8.1.0%2B5811%2B44509afe?arch=ppc64le\u0026epoch=1" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "product": { "name": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "product_id": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@12.16.1-1.module%2Bel8.1.0%2B5811%2B44509afe?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "product": { "name": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "product_id": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@12.16.1-1.module%2Bel8.1.0%2B5811%2B44509afe?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "product": { "name": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "product_id": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@12.16.1-1.module%2Bel8.1.0%2B5811%2B44509afe?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "product": { "name": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "product_id": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@12.16.1-1.module%2Bel8.1.0%2B5811%2B44509afe?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.s390x", "product": { "name": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.s390x", "product_id": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.13.4-1.12.16.1.1.module%2Bel8.1.0%2B5811%2B44509afe?arch=s390x\u0026epoch=1" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "product": { "name": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "product_id": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@12.16.1-1.module%2Bel8.1.0%2B5811%2B44509afe?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "product": { "name": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "product_id": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@12.16.1-1.module%2Bel8.1.0%2B5811%2B44509afe?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "product": { "name": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "product_id": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@12.16.1-1.module%2Bel8.1.0%2B5811%2B44509afe?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "product": { "name": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "product_id": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@12.16.1-1.module%2Bel8.1.0%2B5811%2B44509afe?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.x86_64", "product": { "name": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.x86_64", "product_id": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.13.4-1.12.16.1.1.module%2Bel8.1.0%2B5811%2B44509afe?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, "product_reference": "nodejs:12:8010020200220143053:c27ad7f8", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64 as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64" }, "product_reference": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le" }, "product_reference": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x" }, "product_reference": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.src as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.src" }, "product_reference": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.src", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64 as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64" }, "product_reference": "nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64 as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64" }, "product_reference": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le" }, "product_reference": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x" }, "product_reference": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64 as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64" }, "product_reference": "nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64 as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64" }, "product_reference": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le" }, "product_reference": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x" }, "product_reference": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64 as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64" }, "product_reference": "nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64 as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64" }, "product_reference": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le" }, "product_reference": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x" }, "product_reference": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64 as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64" }, "product_reference": "nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-docs-1:12.16.1-1.module+el8.1.0+5811+44509afe.noarch as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-docs-1:12.16.1-1.module+el8.1.0+5811+44509afe.noarch" }, "product_reference": "nodejs-docs-1:12.16.1-1.module+el8.1.0+5811+44509afe.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch" }, "product_reference": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src" }, "product_reference": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch" }, "product_reference": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src" }, "product_reference": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.aarch64 as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.aarch64" }, "product_reference": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.aarch64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.ppc64le as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.ppc64le" }, "product_reference": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.ppc64le", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.s390x as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.s390x" }, "product_reference": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.s390x", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.x86_64 as a component of nodejs:12:8010020200220143053:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.x86_64" }, "product_reference": "npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.x86_64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-15604", "cwe": { "id": "CWE-172", "name": "Encoding Error" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800367" } ], "notes": [ { "category": "description", "text": "An encoding error flaw exists in the Node.js code that is used to read a peer certificate in the TLS client authentication. An attacker can use this flaw to crash the process used to handle TLS client authentication.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-docs-1:12.16.1-1.module+el8.1.0+5811+44509afe.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-15604" }, { "category": "external", "summary": "RHBZ#1800367", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800367" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-15604", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15604" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15604", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15604" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/" } ], "release_date": "2020-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T13:42:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-docs-1:12.16.1-1.module+el8.1.0+5811+44509afe.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0598" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-docs-1:12.16.1-1.module+el8.1.0+5811+44509afe.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string" }, { "cve": "CVE-2019-15605", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800364" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Node.js code where a specially crafted HTTP(s) request sent to a Node.js server failed to properly process the HTTP(s) headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.js server is deployed behind a proxy server that reuses connections.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: HTTP request smuggling using malformed Transfer-Encoding header", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-docs-1:12.16.1-1.module+el8.1.0+5811+44509afe.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-15605" }, { "category": "external", "summary": "RHBZ#1800364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800364" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-15605", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15605" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15605", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15605" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/" } ], "release_date": "2020-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T13:42:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-docs-1:12.16.1-1.module+el8.1.0+5811+44509afe.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0598" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", "version": "3.1" }, "products": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-docs-1:12.16.1-1.module+el8.1.0+5811+44509afe.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "nodejs: HTTP request smuggling using malformed Transfer-Encoding header" }, { "cve": "CVE-2019-15606", "cwe": { "id": "CWE-138", "name": "Improper Neutralization of Special Elements" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800366" } ], "notes": [ { "category": "description", "text": "A flaw was found in Node.js where the HTTP(s) header values were not stripped of trailing whitespace. An attacker can use this flaw to send an HTTP(s) request which is validated by an upstream proxy server, but not by the Node.js HTTP(s) server.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: HTTP header values do not have trailing optional whitespace trimmed", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-docs-1:12.16.1-1.module+el8.1.0+5811+44509afe.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-15606" }, { "category": "external", "summary": "RHBZ#1800366", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800366" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-15606", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15606" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15606", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15606" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/" } ], "release_date": "2020-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T13:42:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-docs-1:12.16.1-1.module+el8.1.0+5811+44509afe.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0598" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-docs-1:12.16.1-1.module+el8.1.0+5811+44509afe.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200220143053:c27ad7f8:npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: HTTP header values do not have trailing optional whitespace trimmed" } ] }
RHSA-2020:0573
Vulnerability from csaf_redhat
Published
2020-02-24 12:55
Modified
2024-11-15 04:16
Summary
Red Hat Security Advisory: nodejs:10 security update
Notes
Topic
An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: nodejs (10.19.0).
Security Fix(es):
* nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605)
* nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string (CVE-2019-15604)
* nodejs: HTTP header values do not have trailing optional whitespace trimmed (CVE-2019-15606)
* npm: Symlink reference outside of node_modules folder through the bin field upon installation (CVE-2019-16775)
* npm: Arbitrary file write via constructed entry in the package.json bin field (CVE-2019-16776)
* npm: Global node_modules Binary Overwrite (CVE-2019-16777)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.\n\nThe following packages have been upgraded to a later upstream version: nodejs (10.19.0).\n\nSecurity Fix(es):\n\n* nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605)\n\n* nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string (CVE-2019-15604)\n\n* nodejs: HTTP header values do not have trailing optional whitespace trimmed (CVE-2019-15606)\n\n* npm: Symlink reference outside of node_modules folder through the bin field upon installation (CVE-2019-16775)\n\n* npm: Arbitrary file write via constructed entry in the package.json bin field (CVE-2019-16776)\n\n* npm: Global node_modules Binary Overwrite (CVE-2019-16777)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:0573", "url": "https://access.redhat.com/errata/RHSA-2020:0573" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1788301", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788301" }, { "category": "external", "summary": "1788305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788305" }, { "category": "external", "summary": "1788310", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788310" }, { "category": "external", "summary": "1800364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800364" }, { "category": "external", "summary": "1800366", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800366" }, { "category": "external", "summary": "1800367", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800367" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0573.json" } ], "title": "Red Hat Security Advisory: nodejs:10 security update", "tracking": { "current_release_date": "2024-11-15T04:16:33+00:00", "generator": { "date": "2024-11-15T04:16:33+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2020:0573", "initial_release_date": "2020-02-24T12:55:00+00:00", "revision_history": [ { "date": "2020-02-24T12:55:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-02-24T12:55:00+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T04:16:33+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product": { "name": "Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product_id": "AppStream-8.0.0.Z.E4S", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_e4s:8.0::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "nodejs:10:8000020200214110450:f8e95b4e", "product": { "name": "nodejs:10:8000020200214110450:f8e95b4e", "product_id": "nodejs:10:8000020200214110450:f8e95b4e", "product_identification_helper": { "purl": "pkg:rpmmod/redhat/nodejs@10:8000020200214110450:f8e95b4e" } } }, { "category": "product_version", "name": "nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.noarch", "product": { "name": "nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.noarch", "product_id": "nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-docs@10.19.0-1.module%2Bel8.0.0%2B5738%2B1362a79c?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "product": { "name": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "product_id": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@1.18.3-1.module%2Bel8%2B2632%2B6c5111ed?arch=noarch" } } }, { "category": "product_version", "name": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "product": { "name": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "product_id": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@17-3.module%2Bel8%2B2873%2Baa7dfd9a?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.src", "product": { "name": "nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.src", "product_id": "nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@10.19.0-1.module%2Bel8.0.0%2B5738%2B1362a79c?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "product": { "name": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "product_id": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@1.18.3-1.module%2Bel8%2B2632%2B6c5111ed?arch=src" } } }, { "category": "product_version", "name": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "product": { "name": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "product_id": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@17-3.module%2Bel8%2B2873%2Baa7dfd9a?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "product": { "name": "nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "product_id": "nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@10.19.0-1.module%2Bel8.0.0%2B5738%2B1362a79c?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "product": { "name": "nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "product_id": "nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@10.19.0-1.module%2Bel8.0.0%2B5738%2B1362a79c?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "product": { "name": "nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "product_id": "nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@10.19.0-1.module%2Bel8.0.0%2B5738%2B1362a79c?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "product": { "name": "nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "product_id": "nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@10.19.0-1.module%2Bel8.0.0%2B5738%2B1362a79c?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.ppc64le", "product": { "name": "npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.ppc64le", "product_id": "npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.13.4-1.10.19.0.1.module%2Bel8.0.0%2B5738%2B1362a79c?arch=ppc64le\u0026epoch=1" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "product": { "name": "nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "product_id": "nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@10.19.0-1.module%2Bel8.0.0%2B5738%2B1362a79c?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "product": { "name": "nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "product_id": "nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@10.19.0-1.module%2Bel8.0.0%2B5738%2B1362a79c?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "product": { "name": "nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "product_id": "nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@10.19.0-1.module%2Bel8.0.0%2B5738%2B1362a79c?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "product": { "name": "nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "product_id": "nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@10.19.0-1.module%2Bel8.0.0%2B5738%2B1362a79c?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "product": { "name": "nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "product_id": "nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel-debuginfo@10.19.0-1.module%2Bel8.0.0%2B5738%2B1362a79c?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.x86_64", "product": { "name": "npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.x86_64", "product_id": "npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.13.4-1.10.19.0.1.module%2Bel8.0.0%2B5738%2B1362a79c?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "nodejs:10:8000020200214110450:f8e95b4e as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product_id": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e" }, "product_reference": "nodejs:10:8000020200214110450:f8e95b4e", "relates_to_product_reference": "AppStream-8.0.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le as a component of nodejs:10:8000020200214110450:f8e95b4e as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product_id": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le" }, "product_reference": "nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "relates_to_product_reference": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.src as a component of nodejs:10:8000020200214110450:f8e95b4e as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product_id": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.src" }, "product_reference": "nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.src", "relates_to_product_reference": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64 as a component of nodejs:10:8000020200214110450:f8e95b4e as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product_id": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64" }, "product_reference": "nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "relates_to_product_reference": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le as a component of nodejs:10:8000020200214110450:f8e95b4e as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product_id": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le" }, "product_reference": "nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "relates_to_product_reference": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64 as a component of nodejs:10:8000020200214110450:f8e95b4e as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product_id": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64" }, "product_reference": "nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "relates_to_product_reference": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le as a component of nodejs:10:8000020200214110450:f8e95b4e as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product_id": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le" }, "product_reference": "nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "relates_to_product_reference": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64 as a component of nodejs:10:8000020200214110450:f8e95b4e as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product_id": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64" }, "product_reference": "nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "relates_to_product_reference": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le as a component of nodejs:10:8000020200214110450:f8e95b4e as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product_id": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le" }, "product_reference": "nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "relates_to_product_reference": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64 as a component of nodejs:10:8000020200214110450:f8e95b4e as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product_id": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64" }, "product_reference": "nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "relates_to_product_reference": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64 as a component of nodejs:10:8000020200214110450:f8e95b4e as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product_id": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64" }, "product_reference": "nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "relates_to_product_reference": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.noarch as a component of nodejs:10:8000020200214110450:f8e95b4e as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product_id": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.noarch" }, "product_reference": "nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.noarch", "relates_to_product_reference": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch as a component of nodejs:10:8000020200214110450:f8e95b4e as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product_id": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch" }, "product_reference": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "relates_to_product_reference": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src as a component of nodejs:10:8000020200214110450:f8e95b4e as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product_id": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src" }, "product_reference": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "relates_to_product_reference": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch as a component of nodejs:10:8000020200214110450:f8e95b4e as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product_id": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch" }, "product_reference": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "relates_to_product_reference": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src as a component of nodejs:10:8000020200214110450:f8e95b4e as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product_id": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src" }, "product_reference": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "relates_to_product_reference": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.ppc64le as a component of nodejs:10:8000020200214110450:f8e95b4e as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product_id": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.ppc64le" }, "product_reference": "npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.ppc64le", "relates_to_product_reference": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.x86_64 as a component of nodejs:10:8000020200214110450:f8e95b4e as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product_id": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.x86_64" }, "product_reference": "npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.x86_64", "relates_to_product_reference": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-15604", "cwe": { "id": "CWE-172", "name": "Encoding Error" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800367" } ], "notes": [ { "category": "description", "text": "An encoding error flaw exists in the Node.js code that is used to read a peer certificate in the TLS client authentication. An attacker can use this flaw to crash the process used to handle TLS client authentication.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-15604" }, { "category": "external", "summary": "RHBZ#1800367", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800367" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-15604", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15604" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15604", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15604" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/" } ], "release_date": "2020-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-24T12:55:00+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0573" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string" }, { "cve": "CVE-2019-15605", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800364" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Node.js code where a specially crafted HTTP(s) request sent to a Node.js server failed to properly process the HTTP(s) headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.js server is deployed behind a proxy server that reuses connections.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: HTTP request smuggling using malformed Transfer-Encoding header", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-15605" }, { "category": "external", "summary": "RHBZ#1800364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800364" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-15605", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15605" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15605", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15605" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/" } ], "release_date": "2020-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-24T12:55:00+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0573" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", "version": "3.1" }, "products": [ "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "nodejs: HTTP request smuggling using malformed Transfer-Encoding header" }, { "cve": "CVE-2019-15606", "cwe": { "id": "CWE-138", "name": "Improper Neutralization of Special Elements" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800366" } ], "notes": [ { "category": "description", "text": "A flaw was found in Node.js where the HTTP(s) header values were not stripped of trailing whitespace. An attacker can use this flaw to send an HTTP(s) request which is validated by an upstream proxy server, but not by the Node.js HTTP(s) server.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: HTTP header values do not have trailing optional whitespace trimmed", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-15606" }, { "category": "external", "summary": "RHBZ#1800366", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800366" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-15606", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15606" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15606", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15606" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/" } ], "release_date": "2020-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-24T12:55:00+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0573" }