RHSA-2021:2931MediumCVSS 7.5
Red Hat Security Advisory: rh-nodejs12-nodejs and rh-nodejs12-nodejs-nodemon security update
🔗 CVE IDs covered (4)
📋 Description
CVE-2021-22918 — libuv: out-of-bounds read in uv__idna_toascii() can lead to information disclosures or crashes CVE-2021-23362 — nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() CVE-2021-27290 — nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode CVE-2021-33502 — nodejs-normalize-url: ReDoS for data URLs
🔗 References (8)
- selfhttps://access.redhat.com/errata/RHSA-2021:2931
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1941471
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1942592
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1943208
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1964461
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1979338
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_2931.json