Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-7160 (GCVE-0-2018-7160)
Vulnerability from cvelistv5 – Published: 2018-05-17 14:00 – Updated: 2024-09-17 01:35- CWE-350 - Reliance on Reverse DNS Resolution for a Security-Critical Action
| URL | Tags |
|---|---|
| https://www.oracle.com//security-alerts/cpujul2021.html | x_refsource_MISC |
| https://nodejs.org/en/blog/vulnerability/march-20… | x_refsource_CONFIRM |
| https://support.f5.com/csp/article/K63025104?utm_… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| The Node.js Project | Node.js |
Affected:
^6.0.0 || ^8.0.0 || ^9.0.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:10.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K63025104?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Node.js",
"vendor": "The Node.js Project",
"versions": [
{
"status": "affected",
"version": "^6.0.0 || ^8.0.0 || ^9.0.0"
}
]
}
],
"datePublic": "2018-03-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-350",
"description": "CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-20T22:53:16.000Z",
"orgId": "386269d4-a6c6-4eaa-bf8e-bc0b0d010558",
"shortName": "nodejs"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K63025104?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-request@iojs.org",
"DATE_PUBLIC": "2018-03-21T00:00:00",
"ID": "CVE-2018-7160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Node.js",
"version": {
"version_data": [
{
"version_value": "^6.0.0 || ^8.0.0 || ^9.0.0"
}
]
}
}
]
},
"vendor_name": "The Node.js Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/",
"refsource": "CONFIRM",
"url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/"
},
{
"name": "https://support.f5.com/csp/article/K63025104?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K63025104?utm_source=f5support\u0026amp;utm_medium=RSS"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "386269d4-a6c6-4eaa-bf8e-bc0b0d010558",
"assignerShortName": "nodejs",
"cveId": "CVE-2018-7160",
"datePublished": "2018-05-17T14:00:00.000Z",
"dateReserved": "2018-02-15T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:35:37.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-7160",
"date": "2026-07-19",
"epss": "0.09916",
"percentile": "0.95057"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\", \"versionStartIncluding\": \"6.0.0\", \"versionEndIncluding\": \"6.8.1\", \"matchCriteriaId\": \"D107EC29-67E7-40C3-8E5A-324C9105C5E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*\", \"versionStartIncluding\": \"6.9.0\", \"versionEndExcluding\": \"6.14.0\", \"matchCriteriaId\": \"B6855CC9-21A0-4C1B-8C27-A15FA0D7244F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\", \"versionStartIncluding\": \"8.0.0\", \"versionEndIncluding\": \"8.8.1\", \"matchCriteriaId\": \"74FB695D-2C76-47AB-988E-5629D2E695E5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*\", \"versionStartIncluding\": \"8.9.0\", \"versionEndExcluding\": \"8.11.0\", \"matchCriteriaId\": \"A6E7AD1F-26AA-4CBA-9162-7DFC0B09E620\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\", \"versionStartIncluding\": \"9.0.0\", \"versionEndExcluding\": \"9.10.0\", \"matchCriteriaId\": \"8FC117F5-0B41-49F5-83DF-B830DEE95404\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.\"}, {\"lang\": \"es\", \"value\": \"El inspector de Node.js, en versiones 6.x y siguientes, es vulnerable a un ataque de reenlace DNS que podr\\u00eda explotarse para ejecutar c\\u00f3digo de forma remota. El ataque es posible desde sitios web maliciosos abiertos en un navegador web en el mismo ordenador o desde otro ordenador con acceso de red al ordenador que ejecuta el proceso Node.js. Un sitio web malicioso podr\\u00eda emplear un ataque de reenlace DNS para enga\\u00f1ar al navegador web para que omita las comprobaciones de pol\\u00edtica del mismo origen y para permitir conexiones HTTP al host local o a hosts en la red local. Si un proceso Node.js con el puerto de depuraci\\u00f3n activo se est\\u00e1 ejecutando en el host local o en un host en la red local, el sitio web malicioso podr\\u00eda conectarse a \\u00e9l como depurador y obtener acceso total de ejecuci\\u00f3n de c\\u00f3digo.\"}]",
"id": "CVE-2018-7160",
"lastModified": "2024-11-21T04:11:42.010",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2018-05-17T14:29:00.827",
"references": "[{\"url\": \"https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/\", \"source\": \"cve-request@iojs.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.f5.com/csp/article/K63025104?utm_source=f5support\u0026amp%3Butm_medium=RSS\", \"source\": \"cve-request@iojs.org\"}, {\"url\": \"https://www.oracle.com//security-alerts/cpujul2021.html\", \"source\": \"cve-request@iojs.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.f5.com/csp/article/K63025104?utm_source=f5support\u0026amp%3Butm_medium=RSS\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.oracle.com//security-alerts/cpujul2021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cve-request@iojs.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"cve-request@iojs.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-350\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-290\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-7160\",\"sourceIdentifier\":\"cve-request@iojs.org\",\"published\":\"2018-05-17T14:29:00.827\",\"lastModified\":\"2024-11-21T04:11:42.010\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.\"},{\"lang\":\"es\",\"value\":\"El inspector de Node.js, en versiones 6.x y siguientes, es vulnerable a un ataque de reenlace DNS que podr\u00eda explotarse para ejecutar c\u00f3digo de forma remota. El ataque es posible desde sitios web maliciosos abiertos en un navegador web en el mismo ordenador o desde otro ordenador con acceso de red al ordenador que ejecuta el proceso Node.js. Un sitio web malicioso podr\u00eda emplear un ataque de reenlace DNS para enga\u00f1ar al navegador web para que omita las comprobaciones de pol\u00edtica del mismo origen y para permitir conexiones HTTP al host local o a hosts en la red local. Si un proceso Node.js con el puerto de depuraci\u00f3n activo se est\u00e1 ejecutando en el host local o en un host en la red local, el sitio web malicioso podr\u00eda conectarse a \u00e9l como depurador y obtener acceso total de ejecuci\u00f3n de c\u00f3digo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"cve-request@iojs.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-350\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-290\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndIncluding\":\"6.8.1\",\"matchCriteriaId\":\"D107EC29-67E7-40C3-8E5A-324C9105C5E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*\",\"versionStartIncluding\":\"6.9.0\",\"versionEndExcluding\":\"6.14.0\",\"matchCriteriaId\":\"B6855CC9-21A0-4C1B-8C27-A15FA0D7244F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndIncluding\":\"8.8.1\",\"matchCriteriaId\":\"74FB695D-2C76-47AB-988E-5629D2E695E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*\",\"versionStartIncluding\":\"8.9.0\",\"versionEndExcluding\":\"8.11.0\",\"matchCriteriaId\":\"A6E7AD1F-26AA-4CBA-9162-7DFC0B09E620\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.10.0\",\"matchCriteriaId\":\"8FC117F5-0B41-49F5-83DF-B830DEE95404\"}]}]}],\"references\":[{\"url\":\"https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/\",\"source\":\"cve-request@iojs.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K63025104?utm_source=f5support\u0026amp%3Butm_medium=RSS\",\"source\":\"cve-request@iojs.org\"},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"cve-request@iojs.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K63025104?utm_source=f5support\u0026amp%3Butm_medium=RSS\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"redhat_vex": {
"aggregate_severity": "Moderate",
"current_release_date": "2026-06-28T06:55:59+00:00",
"cve": "CVE-2018-7160",
"id": "CVE-2018-7160",
"initial_release_date": "2018-03-08T00:00:00+00:00",
"product_status:fixed": "62",
"product_status:known_affected": "4",
"product_status:known_not_affected": "22",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "nodejs: Inspector DNS rebinding vulnerability",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-7160.json",
"version": "3"
}
}
}
cleanstart-2026-lj44720
Vulnerability from cleanstart
Multiple security vulnerabilities affect the nodejs package. These issues are resolved in later releases. See references for individual vulnerability details.
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "nodejs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.9.3-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the nodejs package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-LJ44720",
"modified": "2026-05-15T04:48:37Z",
"published": "2026-05-18T13:08:13.240549Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-LJ44720.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14919"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-15896"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-0734"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-0735"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000168"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12121"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12122"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7160"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7161"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15604"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15605"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15606"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-5737"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9511"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9512"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9513"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9514"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9515"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9516"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9517"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9518"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-11080"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-7774"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8172"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8174"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8201"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8252"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8265"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8277"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8287"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-21148"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22930"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22931"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22959"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22960"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-3672"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-43803"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-44531"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-44532"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32212"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32213"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32214"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32215"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35255"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35256"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3602"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-43548"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23918"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23919"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23920"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23936"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-24807"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-39333"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-44487"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-22018"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-22020"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-27982"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-27983"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-36138"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-37372"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14919"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15896"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0735"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000168"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12121"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12122"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7160"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7161"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15604"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15605"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15606"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5737"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9512"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9514"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9515"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9518"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11080"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7774"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8172"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8174"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8201"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8252"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8265"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8277"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8287"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21148"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22930"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22931"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22959"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22960"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3672"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43803"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44531"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44532"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32212"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32213"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32214"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32215"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35255"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3602"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23919"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23936"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24807"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39333"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22018"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22020"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27982"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27983"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36138"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37372"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2017-14919, CVE-2017-15896, CVE-2018-0734, CVE-2018-0735, CVE-2018-1000168, CVE-2018-12121, CVE-2018-12122, CVE-2018-7160, CVE-2018-7161, CVE-2019-15604, CVE-2019-15605, CVE-2019-15606, CVE-2019-5737, CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518, CVE-2020-11080, CVE-2020-7774, CVE-2020-8172, CVE-2020-8174, CVE-2020-8201, CVE-2020-8252, CVE-2020-8265, CVE-2020-8277, CVE-2020-8287, CVE-2021-21148, CVE-2021-22930, CVE-2021-22931, CVE-2021-22959, CVE-2021-22960, CVE-2021-3672, CVE-2021-43803, CVE-2021-44531, CVE-2021-44532, CVE-2022-32212, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, CVE-2022-35255, CVE-2022-35256, CVE-2022-3602, CVE-2022-43548, CVE-2023-23918, CVE-2023-23919, CVE-2023-23920, CVE-2023-23936, CVE-2023-24807, CVE-2023-39333, CVE-2023-44487, CVE-2024-22018, CVE-2024-22020, CVE-2024-27982, CVE-2024-27983, CVE-2024-36138, CVE-2024-37372 applied in versions: 10.14.0-r0, 10.15.3-r0, 10.16.3-r0, 12.15.0-r0, 12.18.0-r0, 12.18.4-r0, 14.15.1-r0, 14.15.4-r0, 14.15.5-r0, 14.16.0-r0, 14.16.1-r0, 14.17.4-r0, 14.17.5-r0, 14.17.6-r0, 14.18.1-r0, 16.13.2-r0, 16.17.1-r0, 18.12.1-r0, 18.14.1-r0, 18.17.1-r0, 18.18.2-r0, 20.12.1-r0, 20.15.1-r0, 6.11.1-r0, 6.11.5-r0, 8.11.0-r0, 8.11.3-r0, 8.11.4-r0, 8.9.3-r0",
"upstream": [
"CVE-2017-14919",
"CVE-2017-15896",
"CVE-2018-0734",
"CVE-2018-0735",
"CVE-2018-1000168",
"CVE-2018-12121",
"CVE-2018-12122",
"CVE-2018-7160",
"CVE-2018-7161",
"CVE-2019-15604",
"CVE-2019-15605",
"CVE-2019-15606",
"CVE-2019-5737",
"CVE-2019-9511",
"CVE-2019-9512",
"CVE-2019-9513",
"CVE-2019-9514",
"CVE-2019-9515",
"CVE-2019-9516",
"CVE-2019-9517",
"CVE-2019-9518",
"CVE-2020-11080",
"CVE-2020-7774",
"CVE-2020-8172",
"CVE-2020-8174",
"CVE-2020-8201",
"CVE-2020-8252",
"CVE-2020-8265",
"CVE-2020-8277",
"CVE-2020-8287",
"CVE-2021-21148",
"CVE-2021-22930",
"CVE-2021-22931",
"CVE-2021-22959",
"CVE-2021-22960",
"CVE-2021-3672",
"CVE-2021-43803",
"CVE-2021-44531",
"CVE-2021-44532",
"CVE-2022-32212",
"CVE-2022-32213",
"CVE-2022-32214",
"CVE-2022-32215",
"CVE-2022-35255",
"CVE-2022-35256",
"CVE-2022-3602",
"CVE-2022-43548",
"CVE-2023-23918",
"CVE-2023-23919",
"CVE-2023-23920",
"CVE-2023-23936",
"CVE-2023-24807",
"CVE-2023-39333",
"CVE-2023-44487",
"CVE-2024-22018",
"CVE-2024-22020",
"CVE-2024-27982",
"CVE-2024-27983",
"CVE-2024-36138",
"CVE-2024-37372"
]
}
cleanstart-2026-ln12820
Vulnerability from cleanstart
Multiple security vulnerabilities affect the nodejs package. A vulnerability has been identified in Node. See references for individual vulnerability details.
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "nodejs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.9.3-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the nodejs package. A vulnerability has been identified in Node. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-LN12820",
"modified": "2026-02-18T09:40:19Z",
"published": "2026-02-19T00:58:49.154512Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-LN12820"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14919"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-15896"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-0734"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-0735"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000168"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12121"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12122"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7160"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7161"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15604"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15605"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15606"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-5737"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9511"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9512"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9513"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9514"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9515"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9516"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9517"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9518"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-11080"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-7774"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8172"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8174"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8201"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8252"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8265"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8277"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8287"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-21148"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22930"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22931"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22959"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22960"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-3672"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-43803"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-44531"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-44532"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32212"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32213"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32214"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32215"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35255"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35256"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3602"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-43548"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23918"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23919"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23920"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23936"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-24807"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-39333"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-44487"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-22018"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-22020"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-27982"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-27983"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-36138"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-37372"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14919"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15896"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0735"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000168"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12121"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12122"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7160"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7161"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15604"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15605"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15606"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5737"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9512"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9514"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9515"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9518"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11080"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7774"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8172"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8174"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8201"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8252"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8265"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8277"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8287"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21148"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22930"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22931"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22959"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22960"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3672"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43803"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44531"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44532"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32212"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32213"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32214"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32215"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35255"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3602"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23919"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23936"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24807"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39333"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22018"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22020"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27982"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27983"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36138"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37372"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "vulnerability has been identified in Node",
"upstream": [
"CVE-2017-14919",
"CVE-2017-15896",
"CVE-2018-0734",
"CVE-2018-0735",
"CVE-2018-1000168",
"CVE-2018-12121",
"CVE-2018-12122",
"CVE-2018-7160",
"CVE-2018-7161",
"CVE-2019-15604",
"CVE-2019-15605",
"CVE-2019-15606",
"CVE-2019-5737",
"CVE-2019-9511",
"CVE-2019-9512",
"CVE-2019-9513",
"CVE-2019-9514",
"CVE-2019-9515",
"CVE-2019-9516",
"CVE-2019-9517",
"CVE-2019-9518",
"CVE-2020-11080",
"CVE-2020-7774",
"CVE-2020-8172",
"CVE-2020-8174",
"CVE-2020-8201",
"CVE-2020-8252",
"CVE-2020-8265",
"CVE-2020-8277",
"CVE-2020-8287",
"CVE-2021-21148",
"CVE-2021-22930",
"CVE-2021-22931",
"CVE-2021-22959",
"CVE-2021-22960",
"CVE-2021-3672",
"CVE-2021-43803",
"CVE-2021-44531",
"CVE-2021-44532",
"CVE-2022-32212",
"CVE-2022-32213",
"CVE-2022-32214",
"CVE-2022-32215",
"CVE-2022-35255",
"CVE-2022-35256",
"CVE-2022-3602",
"CVE-2022-43548",
"CVE-2023-23918",
"CVE-2023-23919",
"CVE-2023-23920",
"CVE-2023-23936",
"CVE-2023-24807",
"CVE-2023-39333",
"CVE-2023-44487",
"CVE-2024-22018",
"CVE-2024-22020",
"CVE-2024-27982",
"CVE-2024-27983",
"CVE-2024-36138",
"CVE-2024-37372"
]
}
cleanstart-2026-tx00223
Vulnerability from cleanstart
Multiple security vulnerabilities affect the nodejs package. These issues are resolved in later releases. See references for individual vulnerability details.
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "nodejs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.9.3-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the nodejs package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-TX00223",
"modified": "2026-05-15T02:44:47Z",
"published": "2026-05-18T13:08:20.593429Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-TX00223.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14919"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-15896"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-0734"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-0735"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000168"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12121"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12122"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7160"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7161"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15604"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15605"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15606"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-5737"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9511"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9512"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9513"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9514"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9515"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9516"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9517"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9518"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-11080"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-7774"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8172"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8174"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8201"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8252"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8265"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8277"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8287"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-21148"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22930"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22931"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22959"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22960"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-3672"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-43803"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-44531"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-44532"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32212"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32213"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32214"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32215"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35255"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35256"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3602"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-43548"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23918"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23919"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23920"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23936"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-24807"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-39333"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-44487"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-22018"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-22020"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-27982"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-27983"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-36138"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-37372"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14919"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15896"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0735"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000168"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12121"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12122"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7160"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7161"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15604"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15605"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15606"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5737"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9512"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9514"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9515"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9518"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11080"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7774"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8172"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8174"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8201"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8252"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8265"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8277"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8287"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21148"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22930"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22931"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22959"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22960"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3672"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43803"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44531"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44532"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32212"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32213"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32214"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32215"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35255"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3602"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23919"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23936"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24807"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39333"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22018"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22020"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27982"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27983"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36138"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37372"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2017-14919, CVE-2017-15896, CVE-2018-0734, CVE-2018-0735, CVE-2018-1000168, CVE-2018-12121, CVE-2018-12122, CVE-2018-7160, CVE-2018-7161, CVE-2019-15604, CVE-2019-15605, CVE-2019-15606, CVE-2019-5737, CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518, CVE-2020-11080, CVE-2020-7774, CVE-2020-8172, CVE-2020-8174, CVE-2020-8201, CVE-2020-8252, CVE-2020-8265, CVE-2020-8277, CVE-2020-8287, CVE-2021-21148, CVE-2021-22930, CVE-2021-22931, CVE-2021-22959, CVE-2021-22960, CVE-2021-3672, CVE-2021-43803, CVE-2021-44531, CVE-2021-44532, CVE-2022-32212, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, CVE-2022-35255, CVE-2022-35256, CVE-2022-3602, CVE-2022-43548, CVE-2023-23918, CVE-2023-23919, CVE-2023-23920, CVE-2023-23936, CVE-2023-24807, CVE-2023-39333, CVE-2023-44487, CVE-2024-22018, CVE-2024-22020, CVE-2024-27982, CVE-2024-27983, CVE-2024-36138, CVE-2024-37372 applied in versions: 10.14.0-r0, 10.15.3-r0, 10.16.3-r0, 12.15.0-r0, 12.18.0-r0, 12.18.4-r0, 14.15.1-r0, 14.15.4-r0, 14.15.5-r0, 14.16.0-r0, 14.16.1-r0, 14.17.4-r0, 14.17.5-r0, 14.17.6-r0, 14.18.1-r0, 16.13.2-r0, 16.17.1-r0, 18.12.1-r0, 18.14.1-r0, 18.17.1-r0, 18.18.2-r0, 20.12.1-r0, 20.15.1-r0, 6.11.1-r0, 6.11.5-r0, 8.11.0-r0, 8.11.3-r0, 8.11.4-r0, 8.9.3-r0",
"upstream": [
"CVE-2017-14919",
"CVE-2017-15896",
"CVE-2018-0734",
"CVE-2018-0735",
"CVE-2018-1000168",
"CVE-2018-12121",
"CVE-2018-12122",
"CVE-2018-7160",
"CVE-2018-7161",
"CVE-2019-15604",
"CVE-2019-15605",
"CVE-2019-15606",
"CVE-2019-5737",
"CVE-2019-9511",
"CVE-2019-9512",
"CVE-2019-9513",
"CVE-2019-9514",
"CVE-2019-9515",
"CVE-2019-9516",
"CVE-2019-9517",
"CVE-2019-9518",
"CVE-2020-11080",
"CVE-2020-7774",
"CVE-2020-8172",
"CVE-2020-8174",
"CVE-2020-8201",
"CVE-2020-8252",
"CVE-2020-8265",
"CVE-2020-8277",
"CVE-2020-8287",
"CVE-2021-21148",
"CVE-2021-22930",
"CVE-2021-22931",
"CVE-2021-22959",
"CVE-2021-22960",
"CVE-2021-3672",
"CVE-2021-43803",
"CVE-2021-44531",
"CVE-2021-44532",
"CVE-2022-32212",
"CVE-2022-32213",
"CVE-2022-32214",
"CVE-2022-32215",
"CVE-2022-35255",
"CVE-2022-35256",
"CVE-2022-3602",
"CVE-2022-43548",
"CVE-2023-23918",
"CVE-2023-23919",
"CVE-2023-23920",
"CVE-2023-23936",
"CVE-2023-24807",
"CVE-2023-39333",
"CVE-2023-44487",
"CVE-2024-22018",
"CVE-2024-22020",
"CVE-2024-27982",
"CVE-2024-27983",
"CVE-2024-36138",
"CVE-2024-37372"
]
}
cleanstart-2026-wi75198
Vulnerability from cleanstart
Multiple security vulnerabilities affect the nodejs package. A vulnerability has been identified in Node. See references for individual vulnerability details.
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "nodejs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.9.3-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the nodejs package. A vulnerability has been identified in Node. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-WI75198",
"modified": "2026-01-29T18:58:54Z",
"published": "2026-01-30T17:34:27.754206Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-WI75198"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14919"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-15896"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-0734"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-0735"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000168"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12121"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12122"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7160"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7161"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15604"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15605"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15606"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-5737"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9511"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9512"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9513"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9514"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9515"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9516"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9517"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9518"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-11080"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-7774"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8172"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8174"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8201"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8252"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8265"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8277"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8287"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-21148"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22930"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22931"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22959"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22960"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-3672"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-43803"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-44531"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-44532"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32212"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32213"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32214"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32215"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35255"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35256"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3602"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-43548"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23918"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23919"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23920"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23936"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-24807"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-39333"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-44487"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-22018"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-22020"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-27982"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-27983"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-36138"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-37372"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14919"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15896"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0735"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000168"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12121"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12122"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7160"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7161"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15604"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15605"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15606"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5737"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9512"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9514"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9515"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9518"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11080"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7774"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8172"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8174"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8201"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8252"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8265"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8277"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8287"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21148"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22930"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22931"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22959"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22960"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3672"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43803"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44531"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44532"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32212"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32213"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32214"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32215"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35255"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3602"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23919"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23936"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24807"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39333"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22018"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22020"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27982"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27983"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36138"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37372"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "vulnerability has been identified in Node",
"upstream": [
"CVE-2017-14919",
"CVE-2017-15896",
"CVE-2018-0734",
"CVE-2018-0735",
"CVE-2018-1000168",
"CVE-2018-12121",
"CVE-2018-12122",
"CVE-2018-7160",
"CVE-2018-7161",
"CVE-2019-15604",
"CVE-2019-15605",
"CVE-2019-15606",
"CVE-2019-5737",
"CVE-2019-9511",
"CVE-2019-9512",
"CVE-2019-9513",
"CVE-2019-9514",
"CVE-2019-9515",
"CVE-2019-9516",
"CVE-2019-9517",
"CVE-2019-9518",
"CVE-2020-11080",
"CVE-2020-7774",
"CVE-2020-8172",
"CVE-2020-8174",
"CVE-2020-8201",
"CVE-2020-8252",
"CVE-2020-8265",
"CVE-2020-8277",
"CVE-2020-8287",
"CVE-2021-21148",
"CVE-2021-22930",
"CVE-2021-22931",
"CVE-2021-22959",
"CVE-2021-22960",
"CVE-2021-3672",
"CVE-2021-43803",
"CVE-2021-44531",
"CVE-2021-44532",
"CVE-2022-32212",
"CVE-2022-32213",
"CVE-2022-32214",
"CVE-2022-32215",
"CVE-2022-35255",
"CVE-2022-35256",
"CVE-2022-3602",
"CVE-2022-43548",
"CVE-2023-23918",
"CVE-2023-23919",
"CVE-2023-23920",
"CVE-2023-23936",
"CVE-2023-24807",
"CVE-2023-39333",
"CVE-2023-44487",
"CVE-2024-22018",
"CVE-2024-22020",
"CVE-2024-27982",
"CVE-2024-27983",
"CVE-2024-36138",
"CVE-2024-37372"
]
}
cleanstart-2026-zi00992
Vulnerability from cleanstart
Multiple security vulnerabilities affect the nodejs package. These issues are resolved in later releases. See references for individual vulnerability details.
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "nodejs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.9.3-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the nodejs package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-ZI00992",
"modified": "2026-05-12T11:40:29Z",
"published": "2026-05-18T13:28:54.438866Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-ZI00992.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14919"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-15896"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-0734"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-0735"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000168"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12121"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12122"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7160"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7161"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15604"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15605"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15606"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-5737"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9511"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9512"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9513"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9514"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9515"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9516"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9517"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9518"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-11080"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-7774"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8172"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8174"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8201"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8252"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8265"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8277"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8287"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-21148"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22930"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22931"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22959"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22960"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-3672"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-43803"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-44531"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-44532"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32212"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32213"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32214"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32215"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35255"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35256"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3602"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-43548"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23918"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23919"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23920"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23936"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-24807"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-39333"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-44487"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-22018"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-22020"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-27982"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-27983"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-36138"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-37372"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14919"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15896"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0735"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000168"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12121"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12122"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7160"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7161"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15604"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15605"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15606"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5737"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9512"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9514"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9515"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9518"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11080"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7774"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8172"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8174"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8201"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8252"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8265"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8277"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8287"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21148"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22930"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22931"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22959"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22960"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3672"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43803"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44531"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44532"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32212"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32213"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32214"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32215"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35255"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3602"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23919"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23936"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24807"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39333"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22018"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22020"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27982"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27983"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36138"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37372"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2017-14919, CVE-2017-15896, CVE-2018-0734, CVE-2018-0735, CVE-2018-1000168, CVE-2018-12121, CVE-2018-12122, CVE-2018-7160, CVE-2018-7161, CVE-2019-15604, CVE-2019-15605, CVE-2019-15606, CVE-2019-5737, CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518, CVE-2020-11080, CVE-2020-7774, CVE-2020-8172, CVE-2020-8174, CVE-2020-8201, CVE-2020-8252, CVE-2020-8265, CVE-2020-8277, CVE-2020-8287, CVE-2021-21148, CVE-2021-22930, CVE-2021-22931, CVE-2021-22959, CVE-2021-22960, CVE-2021-3672, CVE-2021-43803, CVE-2021-44531, CVE-2021-44532, CVE-2022-32212, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, CVE-2022-35255, CVE-2022-35256, CVE-2022-3602, CVE-2022-43548, CVE-2023-23918, CVE-2023-23919, CVE-2023-23920, CVE-2023-23936, CVE-2023-24807, CVE-2023-39333, CVE-2023-44487, CVE-2024-22018, CVE-2024-22020, CVE-2024-27982, CVE-2024-27983, CVE-2024-36138, CVE-2024-37372 applied in versions: 10.14.0-r0, 10.15.3-r0, 10.16.3-r0, 12.15.0-r0, 12.18.0-r0, 12.18.4-r0, 14.15.1-r0, 14.15.4-r0, 14.15.5-r0, 14.16.0-r0, 14.16.1-r0, 14.17.4-r0, 14.17.5-r0, 14.17.6-r0, 14.18.1-r0, 16.13.2-r0, 16.17.1-r0, 18.12.1-r0, 18.14.1-r0, 18.17.1-r0, 18.18.2-r0, 20.12.1-r0, 20.15.1-r0, 6.11.1-r0, 6.11.5-r0, 8.11.0-r0, 8.11.3-r0, 8.11.4-r0, 8.9.3-r0",
"upstream": [
"CVE-2017-14919",
"CVE-2017-15896",
"CVE-2018-0734",
"CVE-2018-0735",
"CVE-2018-1000168",
"CVE-2018-12121",
"CVE-2018-12122",
"CVE-2018-7160",
"CVE-2018-7161",
"CVE-2019-15604",
"CVE-2019-15605",
"CVE-2019-15606",
"CVE-2019-5737",
"CVE-2019-9511",
"CVE-2019-9512",
"CVE-2019-9513",
"CVE-2019-9514",
"CVE-2019-9515",
"CVE-2019-9516",
"CVE-2019-9517",
"CVE-2019-9518",
"CVE-2020-11080",
"CVE-2020-7774",
"CVE-2020-8172",
"CVE-2020-8174",
"CVE-2020-8201",
"CVE-2020-8252",
"CVE-2020-8265",
"CVE-2020-8277",
"CVE-2020-8287",
"CVE-2021-21148",
"CVE-2021-22930",
"CVE-2021-22931",
"CVE-2021-22959",
"CVE-2021-22960",
"CVE-2021-3672",
"CVE-2021-43803",
"CVE-2021-44531",
"CVE-2021-44532",
"CVE-2022-32212",
"CVE-2022-32213",
"CVE-2022-32214",
"CVE-2022-32215",
"CVE-2022-35255",
"CVE-2022-35256",
"CVE-2022-3602",
"CVE-2022-43548",
"CVE-2023-23918",
"CVE-2023-23919",
"CVE-2023-23920",
"CVE-2023-23936",
"CVE-2023-24807",
"CVE-2023-39333",
"CVE-2023-44487",
"CVE-2024-22018",
"CVE-2024-22020",
"CVE-2024-27982",
"CVE-2024-27983",
"CVE-2024-36138",
"CVE-2024-37372"
]
}
cleanstart-2026-zq97710
Vulnerability from cleanstart
Multiple security vulnerabilities affect the nodejs package. These issues are resolved in later releases. See references for individual vulnerability details.
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "nodejs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.9.3-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the nodejs package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-ZQ97710",
"modified": "2026-03-26T14:35:37Z",
"published": "2026-04-01T09:18:18.401641Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-ZQ97710.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14919"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-15896"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-0734"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-0735"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000168"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12121"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12122"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7160"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7161"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15604"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15605"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15606"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-5737"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9511"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9512"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9513"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9514"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9515"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9516"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9517"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9518"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-11080"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-7774"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8172"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8174"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8201"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8252"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8265"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8277"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8287"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-21148"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22930"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22931"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22959"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22960"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-3672"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-43803"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-44531"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-44532"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32212"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32213"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32214"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32215"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35255"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35256"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3602"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-43548"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23918"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23919"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23920"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23936"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-24807"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-39333"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-44487"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-22018"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-22020"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-27982"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-27983"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-36138"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-37372"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14919"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15896"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0735"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000168"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12121"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12122"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7160"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7161"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15604"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15605"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15606"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5737"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9512"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9514"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9515"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9518"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11080"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7774"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8172"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8174"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8201"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8252"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8265"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8277"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8287"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21148"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22930"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22931"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22959"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22960"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3672"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43803"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44531"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44532"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32212"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32213"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32214"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32215"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35255"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3602"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23919"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23936"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24807"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39333"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22018"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22020"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27982"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27983"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36138"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37372"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2017-14919, CVE-2017-15896, CVE-2018-0734, CVE-2018-0735, CVE-2018-1000168, CVE-2018-12121, CVE-2018-12122, CVE-2018-7160, CVE-2018-7161, CVE-2019-15604, CVE-2019-15605, CVE-2019-15606, CVE-2019-5737, CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518, CVE-2020-11080, CVE-2020-7774, CVE-2020-8172, CVE-2020-8174, CVE-2020-8201, CVE-2020-8252, CVE-2020-8265, CVE-2020-8277, CVE-2020-8287, CVE-2021-21148, CVE-2021-22930, CVE-2021-22931, CVE-2021-22959, CVE-2021-22960, CVE-2021-3672, CVE-2021-43803, CVE-2021-44531, CVE-2021-44532, CVE-2022-32212, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, CVE-2022-35255, CVE-2022-35256, CVE-2022-3602, CVE-2022-43548, CVE-2023-23918, CVE-2023-23919, CVE-2023-23920, CVE-2023-23936, CVE-2023-24807, CVE-2023-39333, CVE-2023-44487, CVE-2024-22018, CVE-2024-22020, CVE-2024-27982, CVE-2024-27983, CVE-2024-36138, CVE-2024-37372 applied in versions: 10.14.0-r0, 10.15.3-r0, 10.16.3-r0, 12.15.0-r0, 12.18.0-r0, 12.18.4-r0, 14.15.1-r0, 14.15.4-r0, 14.15.5-r0, 14.16.0-r0, 14.16.1-r0, 14.17.4-r0, 14.17.5-r0, 14.17.6-r0, 14.18.1-r0, 16.13.2-r0, 16.17.1-r0, 18.12.1-r0, 18.14.1-r0, 18.17.1-r0, 18.18.2-r0, 20.12.1-r0, 20.15.1-r0, 6.11.1-r0, 6.11.5-r0, 8.11.0-r0, 8.11.3-r0, 8.11.4-r0, 8.9.3-r0",
"upstream": [
"CVE-2017-14919",
"CVE-2017-15896",
"CVE-2018-0734",
"CVE-2018-0735",
"CVE-2018-1000168",
"CVE-2018-12121",
"CVE-2018-12122",
"CVE-2018-7160",
"CVE-2018-7161",
"CVE-2019-15604",
"CVE-2019-15605",
"CVE-2019-15606",
"CVE-2019-5737",
"CVE-2019-9511",
"CVE-2019-9512",
"CVE-2019-9513",
"CVE-2019-9514",
"CVE-2019-9515",
"CVE-2019-9516",
"CVE-2019-9517",
"CVE-2019-9518",
"CVE-2020-11080",
"CVE-2020-7774",
"CVE-2020-8172",
"CVE-2020-8174",
"CVE-2020-8201",
"CVE-2020-8252",
"CVE-2020-8265",
"CVE-2020-8277",
"CVE-2020-8287",
"CVE-2021-21148",
"CVE-2021-22930",
"CVE-2021-22931",
"CVE-2021-22959",
"CVE-2021-22960",
"CVE-2021-3672",
"CVE-2021-43803",
"CVE-2021-44531",
"CVE-2021-44532",
"CVE-2022-32212",
"CVE-2022-32213",
"CVE-2022-32214",
"CVE-2022-32215",
"CVE-2022-35255",
"CVE-2022-35256",
"CVE-2022-3602",
"CVE-2022-43548",
"CVE-2023-23918",
"CVE-2023-23919",
"CVE-2023-23920",
"CVE-2023-23936",
"CVE-2023-24807",
"CVE-2023-39333",
"CVE-2023-44487",
"CVE-2024-22018",
"CVE-2024-22020",
"CVE-2024-27982",
"CVE-2024-27983",
"CVE-2024-36138",
"CVE-2024-37372"
]
}
FKIE_CVE-2018-7160
Vulnerability from fkie_nvd - Published: 2018-05-17 14:29 - Updated: 2026-06-17 02:02| URL | Tags | ||
|---|---|---|---|
| cve-request@iojs.org | https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/ | Vendor Advisory | |
| cve-request@iojs.org | https://support.f5.com/csp/article/K63025104?utm_source=f5support&%3Butm_medium=RSS | ||
| cve-request@iojs.org | https://www.oracle.com//security-alerts/cpujul2021.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K63025104?utm_source=f5support&%3Butm_medium=RSS | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com//security-alerts/cpujul2021.html | Third Party Advisory |
{
"affected": [
{
"affectedData": [
{
"product": "Node.js",
"vendor": "The Node.js Project",
"versions": [
{
"status": "affected",
"version": "^6.0.0 || ^8.0.0 || ^9.0.0"
}
]
}
],
"source": "cve-request@iojs.org"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "D107EC29-67E7-40C3-8E5A-324C9105C5E4",
"versionEndIncluding": "6.8.1",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6855CC9-21A0-4C1B-8C27-A15FA0D7244F",
"versionEndExcluding": "6.14.0",
"versionStartIncluding": "6.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "74FB695D-2C76-47AB-988E-5629D2E695E5",
"versionEndIncluding": "8.8.1",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "A6E7AD1F-26AA-4CBA-9162-7DFC0B09E620",
"versionEndExcluding": "8.11.0",
"versionStartIncluding": "8.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "8FC117F5-0B41-49F5-83DF-B830DEE95404",
"versionEndExcluding": "9.10.0",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access."
},
{
"lang": "es",
"value": "El inspector de Node.js, en versiones 6.x y siguientes, es vulnerable a un ataque de reenlace DNS que podr\u00eda explotarse para ejecutar c\u00f3digo de forma remota. El ataque es posible desde sitios web maliciosos abiertos en un navegador web en el mismo ordenador o desde otro ordenador con acceso de red al ordenador que ejecuta el proceso Node.js. Un sitio web malicioso podr\u00eda emplear un ataque de reenlace DNS para enga\u00f1ar al navegador web para que omita las comprobaciones de pol\u00edtica del mismo origen y para permitir conexiones HTTP al host local o a hosts en la red local. Si un proceso Node.js con el puerto de depuraci\u00f3n activo se est\u00e1 ejecutando en el host local o en un host en la red local, el sitio web malicioso podr\u00eda conectarse a \u00e9l como depurador y obtener acceso total de ejecuci\u00f3n de c\u00f3digo."
}
],
"id": "CVE-2018-7160",
"lastModified": "2026-06-17T02:02:43.293",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-17T14:29:00.827",
"references": [
{
"source": "cve-request@iojs.org",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/"
},
{
"source": "cve-request@iojs.org",
"url": "https://support.f5.com/csp/article/K63025104?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "cve-request@iojs.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.f5.com/csp/article/K63025104?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
],
"sourceIdentifier": "cve-request@iojs.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-350"
}
],
"source": "cve-request@iojs.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-290"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-WQ4C-WM6X-JW44
Vulnerability from github – Published: 2022-05-13 01:08 – Updated: 2023-10-09 00:42Withdrawn Advisory
This advisory has been withdrawn because this vulnerability affects inspector code in https://github.com/nodejs/node, not the legacy debugger at https://github.com/node-inspector/node-inspector. https://github.com/nodejs/node is not in a supported ecosystem.
Original Description
The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "node-inspector"
},
"ranges": [
{
"events": [
{
"introduced": "6.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-7160"
],
"database_specific": {
"cwe_ids": [
"CWE-290"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-20T22:39:06Z",
"nvd_published_at": "2018-05-17T14:29:00Z",
"severity": "HIGH"
},
"details": "## Withdrawn Advisory\nThis advisory has been withdrawn because this vulnerability affects inspector code in https://github.com/nodejs/node, not the [legacy debugger](https://nodejs.org/en/docs/inspector#legacy-debugger) at https://github.com/node-inspector/node-inspector. https://github.com/nodejs/node is not in a [supported ecosystem](https://github.com/github/advisory-database/blob/main/README.md#supported-ecosystems).\n\n## Original Description\nThe Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.",
"id": "GHSA-wq4c-wm6x-jw44",
"modified": "2023-10-09T00:42:54Z",
"published": "2022-05-13T01:08:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7160"
},
{
"type": "WEB",
"url": "https://github.com/nodejs/node/commit/e3950d1a402b80e4098a40aacddd6a104da0cfa9"
},
{
"type": "WEB",
"url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K63025104?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"type": "WEB",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Withdrawn Advisory: Node.js Inspector RCE via DNS Rebinding",
"withdrawn": "2023-10-09T00:42:54Z"
}
GSD-2018-7160
Vulnerability from gsd - Updated: 2023-12-13 01:22{
"GSD": {
"alias": "CVE-2018-7160",
"description": "The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.",
"id": "GSD-2018-7160",
"references": [
"https://www.suse.com/security/cve/CVE-2018-7160.html",
"https://access.redhat.com/errata/RHSA-2018:2949",
"https://advisories.mageia.org/CVE-2018-7160.html",
"https://ubuntu.com/security/CVE-2018-7160"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-7160"
],
"details": "The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.",
"id": "GSD-2018-7160",
"modified": "2023-12-13T01:22:32.850680Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve-request@iojs.org",
"DATE_PUBLIC": "2018-03-21T00:00:00",
"ID": "CVE-2018-7160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Node.js",
"version": {
"version_data": [
{
"version_value": "^6.0.0 || ^8.0.0 || ^9.0.0"
}
]
}
}
]
},
"vendor_name": "The Node.js Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/",
"refsource": "CONFIRM",
"url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/"
},
{
"name": "https://support.f5.com/csp/article/K63025104?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K63025104?utm_source=f5support\u0026amp;utm_medium=RSS"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e=6.0",
"affected_versions": "All versions starting from 6.0",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-290",
"CWE-78",
"CWE-937"
],
"date": "2023-07-20",
"description": "The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.",
"fixed_versions": [],
"identifier": "CVE-2018-7160",
"identifiers": [
"GHSA-wq4c-wm6x-jw44",
"CVE-2018-7160"
],
"not_impacted": "All versions before 6.0",
"package_slug": "npm/node-inspector",
"pubdate": "2022-05-13",
"solution": "Unfortunately, there is no solution available yet.",
"title": "Authentication Bypass by Spoofing",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-7160",
"https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/",
"https://support.f5.com/csp/article/K63025104?utm_source=f5support\u0026amp;utm_medium=RSS",
"https://www.oracle.com//security-alerts/cpujul2021.html",
"https://github.com/advisories/GHSA-wq4c-wm6x-jw44"
],
"uuid": "e977e281-dfe0-4468-bcf1-fc4a9ef295eb"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.14.0",
"versionStartIncluding": "6.9.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.11.0",
"versionStartIncluding": "8.9.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.8.1",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.8.1",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.10.0",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve-request@iojs.org",
"ID": "CVE-2018-7160"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-290"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/"
},
{
"name": "https://support.f5.com/csp/article/K63025104?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K63025104?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"name": "N/A",
"refsource": "N/A",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2022-08-16T13:01Z",
"publishedDate": "2018-05-17T14:29Z"
}
}
}
RHSA-2018:2949
Vulnerability from csaf_redhat - Published: 2018-10-18 10:11 - Updated: 2026-06-28 09:04It was found that the http module from Node.js could accept incorrect Content-Length values, containing spaces within the value, in HTTP headers. A specially crafted client could use this flaw to possibly confuse the script, causing unspecified behavior.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64 | — |
Vendor Fix
fix
|
It was found that when a Node.js script is run in inspector mode, Node.js did not properly validate the Host header, leaving the inspector vulnerable to a DNS rebind attack and bypass same-origin policy. If a developer had an inspector session running, and was visiting a malicious website, the site could carry on a DNS rebind attack, allowing the site to have full access to the debugged script.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64 | — |
Vendor Fix
fix
|
All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug where objects are used in native code after they are no longer available. This has been addressed by updating the http2 implementation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64 | — |
Vendor Fix
fix
|
It was found that the Buffer.fill() and Buffer.alloc() function may hang. An attacker able to control the input of these function could use this flaw to cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64 | — |
Vendor Fix
fix
|
In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2018:2949 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1620219 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2018-7159 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1561981 | external |
| https://www.cve.org/CVERecord?id=CVE-2018-7159 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2018-7159 | external |
| https://access.redhat.com/security/cve/CVE-2018-7160 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1561979 | external |
| https://www.cve.org/CVERecord?id=CVE-2018-7160 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2018-7160 | external |
| https://access.redhat.com/security/cve/CVE-2018-7161 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1591013 | external |
| https://www.cve.org/CVERecord?id=CVE-2018-7161 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2018-7161 | external |
| https://access.redhat.com/security/cve/CVE-2018-7167 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1591006 | external |
| https://www.cve.org/CVERecord?id=CVE-2018-7167 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2018-7167 | external |
| https://access.redhat.com/security/cve/CVE-2018-12115 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1620219 | external |
| https://www.cve.org/CVERecord?id=CVE-2018-12115 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2018-12115 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rh-nodejs8-nodejs is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.\n\nThe following packages have been upgraded to a later upstream version: rh-nodejs8-nodejs (8.11.4). (BZ#1621761)\n\nSecurity Fix(es):\n\n* nodejs: Out of bounds (OOB) write via UCS-2 encoding (CVE-2018-12115)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:2949",
"url": "https://access.redhat.com/errata/RHSA-2018:2949"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1620219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620219"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2949.json"
}
],
"title": "Red Hat Security Advisory: rh-nodejs8-nodejs security update",
"tracking": {
"current_release_date": "2026-06-28T09:04:03+00:00",
"generator": {
"date": "2026-06-28T09:04:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.2.6"
}
},
"id": "RHSA-2018:2949",
"initial_release_date": "2018-10-18T10:11:49+00:00",
"revision_history": [
{
"date": "2018-10-18T10:11:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-10-18T10:11:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-28T09:04:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.1-7.4.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.1-7.5.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Software Collections"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"product": {
"name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"product_id": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nodejs8-nodejs-devel@8.11.4-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"product": {
"name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"product_id": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nodejs8-npm@5.6.0-8.11.4.1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"product": {
"name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"product_id": "rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nodejs8-nodejs@8.11.4-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"product": {
"name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"product_id": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nodejs8-nodejs-debuginfo@8.11.4-1.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"product": {
"name": "rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"product_id": "rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nodejs8-nodejs-docs@8.11.4-1.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"product": {
"name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"product_id": "rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nodejs8-nodejs@8.11.4-1.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"product": {
"name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"product_id": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nodejs8-nodejs-devel@8.11.4-1.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"product": {
"name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"product_id": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nodejs8-npm@5.6.0-8.11.4.1.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"product": {
"name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"product_id": "rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nodejs8-nodejs@8.11.4-1.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"product": {
"name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"product_id": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nodejs8-nodejs-debuginfo@8.11.4-1.el7?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"product": {
"name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"product_id": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nodejs8-nodejs-devel@8.11.4-1.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"product": {
"name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"product_id": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nodejs8-npm@5.6.0-8.11.4.1.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"product": {
"name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"product_id": "rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nodejs8-nodejs@8.11.4-1.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"product": {
"name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"product_id": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nodejs8-nodejs-debuginfo@8.11.4-1.el7?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64",
"product": {
"name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64",
"product_id": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nodejs8-nodejs-devel@8.11.4-1.el7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64",
"product": {
"name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64",
"product_id": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nodejs8-npm@5.6.0-8.11.4.1.el7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64",
"product": {
"name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64",
"product_id": "rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nodejs8-nodejs@8.11.4-1.el7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64",
"product": {
"name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64",
"product_id": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nodejs8-nodejs-debuginfo@8.11.4-1.el7?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64"
},
"product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le"
},
"product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x"
},
"product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src"
},
"product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64"
},
"product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le"
},
"product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x"
},
"product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64"
},
"product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le"
},
"product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x"
},
"product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch"
},
"product_reference": "rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64"
},
"product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le"
},
"product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x"
},
"product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le"
},
"product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x"
},
"product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src"
},
"product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64"
},
"product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le"
},
"product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x"
},
"product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64"
},
"product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le"
},
"product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x"
},
"product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64"
},
"product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch"
},
"product_reference": "rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le"
},
"product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x"
},
"product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64"
},
"product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le"
},
"product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x"
},
"product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src"
},
"product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64"
},
"product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le"
},
"product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x"
},
"product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64"
},
"product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le"
},
"product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x"
},
"product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64"
},
"product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch"
},
"product_reference": "rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le"
},
"product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x"
},
"product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64"
},
"product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le"
},
"product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x"
},
"product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src"
},
"product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64"
},
"product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le"
},
"product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x"
},
"product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64"
},
"product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le"
},
"product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x"
},
"product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64"
},
"product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch"
},
"product_reference": "rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le"
},
"product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x"
},
"product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64"
},
"product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src"
},
"product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64"
},
"product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64"
},
"product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64"
},
"product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch"
},
"product_reference": "rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64"
},
"product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-7159",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-03-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1561981"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the http module from Node.js could accept incorrect Content-Length values, containing spaces within the value, in HTTP headers. A specially crafted client could use this flaw to possibly confuse the script, causing unspecified behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: HTTP parser allowed for spaces inside Content-Length header values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-7159"
},
{
"category": "external",
"summary": "RHBZ#1561981",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561981"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-7159",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7159"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-7159",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7159"
}
],
"release_date": "2018-03-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-18T10:11:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2949"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs: HTTP parser allowed for spaces inside Content-Length header values"
},
{
"cve": "CVE-2018-7160",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-03-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1561979"
}
],
"notes": [
{
"category": "description",
"text": "It was found that when a Node.js script is run in inspector mode, Node.js did not properly validate the Host header, leaving the inspector vulnerable to a DNS rebind attack and bypass same-origin policy. If a developer had an inspector session running, and was visiting a malicious website, the site could carry on a DNS rebind attack, allowing the site to have full access to the debugged script.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Inspector DNS rebinding vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-7160"
},
{
"category": "external",
"summary": "RHBZ#1561979",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561979"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-7160",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7160"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-7160",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7160"
}
],
"release_date": "2018-03-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-18T10:11:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2949"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Inspector DNS rebinding vulnerability"
},
{
"cve": "CVE-2018-7161",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-06-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1591013"
}
],
"notes": [
{
"category": "description",
"text": "All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug where objects are used in native code after they are no longer available. This has been addressed by updating the http2 implementation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: denial of service (DoS) by causing a node server providing an http2 server to crash",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-7161"
},
{
"category": "external",
"summary": "RHBZ#1591013",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591013"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-7161",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7161"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-7161",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7161"
}
],
"release_date": "2018-06-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-18T10:11:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2949"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: denial of service (DoS) by causing a node server providing an http2 server to crash"
},
{
"cve": "CVE-2018-7167",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2018-06-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1591006"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the Buffer.fill() and Buffer.alloc() function may hang. An attacker able to control the input of these function could use this flaw to cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Denial of Service by calling Buffer.fill() or Buffer.alloc() with specially crafted parameters",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-7167"
},
{
"category": "external",
"summary": "RHBZ#1591006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-7167",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7167"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-7167",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7167"
}
],
"release_date": "2018-06-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-18T10:11:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2949"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Denial of Service by calling Buffer.fill() or Buffer.alloc() with specially crafted parameters"
},
{
"cve": "CVE-2018-12115",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2018-08-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1620219"
}
],
"notes": [
{
"category": "description",
"text": "In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `\u0027ucs2\u0027`, `\u0027ucs-2\u0027`, `\u0027utf16le\u0027` and `\u0027utf-16le\u0027`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Out of bounds (OOB) write via UCS-2 encoding",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Openshift Container Platform 3.x versions are potentially vulnerable via the jenkins-slave-nodejs and jenkins-agent-nodejs containers. However a build would have to occur with a malicious jenkins pipeline, or nodejs source code supplied by an attacker, reducing the impact of this flaw to moderate. Both container images used nodejs delivered from Red Hat Software Collections.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-12115"
},
{
"category": "external",
"summary": "RHBZ#1620219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620219"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-12115",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12115"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12115",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12115"
}
],
"release_date": "2018-08-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-18T10:11:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2949"
},
{
"category": "workaround",
"details": "On Openshift Container Platform 3.x you can override the container image used on the Jenkins Slave by specifying the JENKINS_SLAVE_IMAGE environment variable in your jenkins deployment configuration. Ref:\n\nhttps://github.com/openshift/jenkins/blob/8e1ab16fb5f44d6570018c5dfa3407692fdba6e5/2/contrib/jenkins/kube-slave-common.sh#L27-L33",
"product_ids": [
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x",
"7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64",
"7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch",
"7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Out of bounds (OOB) write via UCS-2 encoding"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.