RHSA-2021:0521MediumCVSS 8.1
Red Hat Security Advisory: rh-nodejs10-nodejs security update
🔗 CVE IDs covered (10)
📋 Description
CVE-2020-7608 — nodejs-yargs-parser: prototype pollution vulnerability CVE-2020-7754 — nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS CVE-2020-7774 — nodejs-y18n: prototype pollution vulnerability CVE-2020-7788 — nodejs-ini: Prototype pollution via malicious INI file CVE-2020-8116 — nodejs-dot-prop: prototype pollution CVE-2020-8252 — libuv: buffer overflow in realpath CVE-2020-8265 — nodejs: use-after-free in the TLS implementation CVE-2020-8287 — nodejs: HTTP request smuggling via two copies of a header field in an http request CVE-2020-15095 — npm: sensitive information exposure through logs CVE-2020-15366 — nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function
🔗 References (13)
- selfhttps://access.redhat.com/errata/RHSA-2021:0521
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1840004
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1856875
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1857977
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1868196
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1879315
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1892430
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1898680
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1907444
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1912854
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1912863
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0521.json