RHSA-2020:4272MediumCVSS 7.8
Red Hat Security Advisory: nodejs:12 security and bug fix update
🔗 CVE IDs covered (4)
📋 Description
CVE-2020-8116 — nodejs-dot-prop: prototype pollution CVE-2020-8201 — nodejs: HTTP request smuggling due to CR-to-Hyphen conversion CVE-2020-8252 — libuv: buffer overflow in realpath CVE-2020-15095 — npm: sensitive information exposure through logs
🔗 References (8)
- selfhttps://access.redhat.com/errata/RHSA-2020:4272
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1856875
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1868196
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1879311
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1879315
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1883966
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4272.json