RHSA-2019:1821HighCVSS 8.8
Red Hat Security Advisory: rh-nodejs8-nodejs security update
🔗 CVE IDs covered (6)
📋 Description
CVE-2018-12116 — nodejs: HTTP request splitting CVE-2018-12121 — nodejs: Denial of Service with large HTTP headers CVE-2018-12122 — nodejs: Slowloris HTTP Denial of Service CVE-2018-12123 — nodejs: Hostname spoofing in URL parser for javascript protocol CVE-2018-20834 — nodejs-tar: Arbitrary file overwrites when extracting tarballs containing a hard-link CVE-2019-5737 — nodejs: Insufficient Slowloris fix causing DoS via server.headersTimeout bypass
🔗 References (9)
- selfhttps://access.redhat.com/errata/RHSA-2019:1821
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1660998
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1661002
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1661005
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1661010
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1690808
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1702338
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_1821.json