Action not permitted
Modal body text goes here.
CVE-2018-7166
Vulnerability from cvelistv5
Published
2018-08-21 13:00
Modified
2024-09-17 00:26
Severity ?
EPSS score ?
Summary
In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying `encoding` can be passed as a number, this is misinterpreted by `Buffer's` internal "fill" method as the `start` to a fill operation. This flaw may be abused where `Buffer.alloc()` arguments are derived from user input to return uncleared memory blocks that may contain sensitive information.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve-request@iojs.org | https://access.redhat.com/errata/RHSA-2018:2553 | Third Party Advisory | |
| cve-request@iojs.org | https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/ | Vendor Advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| The Node.js Project | Node.js |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:11.399Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:2553",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2553"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Node.js",
"vendor": "The Node.js Project",
"versions": [
{
"status": "affected",
"version": "All versions of Node.js 10 prior to 10.9.0"
}
]
}
],
"datePublic": "2018-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying `encoding` can be passed as a number, this is misinterpreted by `Buffer\u0027s` internal \"fill\" method as the `start` to a fill operation. This flaw may be abused where `Buffer.alloc()` arguments are derived from user input to return uncleared memory blocks that may contain sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-226",
"description": "CWE-226: Sensitive Information Uncleared Before Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-23T09:57:01",
"orgId": "386269d4-a6c6-4eaa-bf8e-bc0b0d010558",
"shortName": "nodejs"
},
"references": [
{
"name": "RHSA-2018:2553",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2553"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-request@iojs.org",
"DATE_PUBLIC": "2018-08-12T00:00:00",
"ID": "CVE-2018-7166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Node.js",
"version": {
"version_data": [
{
"version_value": "All versions of Node.js 10 prior to 10.9.0"
}
]
}
}
]
},
"vendor_name": "The Node.js Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying `encoding` can be passed as a number, this is misinterpreted by `Buffer\u0027s` internal \"fill\" method as the `start` to a fill operation. This flaw may be abused where `Buffer.alloc()` arguments are derived from user input to return uncleared memory blocks that may contain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-226: Sensitive Information Uncleared Before Release"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:2553",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2553"
},
{
"name": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/",
"refsource": "CONFIRM",
"url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "386269d4-a6c6-4eaa-bf8e-bc0b0d010558",
"assignerShortName": "nodejs",
"cveId": "CVE-2018-7166",
"datePublished": "2018-08-21T13:00:00Z",
"dateReserved": "2018-02-15T00:00:00",
"dateUpdated": "2024-09-17T00:26:00.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2018-7166\",\"sourceIdentifier\":\"cve-request@iojs.org\",\"published\":\"2018-08-21T12:29:00.320\",\"lastModified\":\"2020-09-22T13:59:22.750\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying `encoding` can be passed as a number, this is misinterpreted by `Buffer\u0027s` internal \\\"fill\\\" method as the `start` to a fill operation. This flaw may be abused where `Buffer.alloc()` arguments are derived from user input to return uncleared memory blocks that may contain sensitive information.\"},{\"lang\":\"es\",\"value\":\"En todas las versiones de Node.js 10 anteriores a la 10.9.0, un fallo en el procesamiento de argumentos puede provocar que \\\"Buffer.alloc()\\\" devuelva memoria no inicializada. Este m\u00e9todo est\u00e1 dise\u00f1ado para ser seguro y solo devuelve la memoria inicializada o borrada. El tercer argumento que especifica \\\"encoding\\\" puede ser pasado como un n\u00famero. Esto es malinterpretado por el m\u00e9todo interno \\\"fill\\\" del b\u00fafer como el \\\"comienzo\\\" de una operaci\u00f3n de llenado (fill). Este defecto puede ser explotado cuando los argumentos \\\"Buffer.alloc()\\\" se derivan de la entrada del usuario para devolver bloques de memoria no borrados que pueden contener informaci\u00f3n sensible.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-908\"}]},{\"source\":\"cve-request@iojs.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-226\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.9.0\",\"matchCriteriaId\":\"48A01678-361E-4F23-B7D6-41B0C145F491\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2553\",\"source\":\"cve-request@iojs.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/\",\"source\":\"cve-request@iojs.org\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
rhba-2019_0772
Vulnerability from csaf_redhat
Published
2019-04-17 12:31
Modified
2024-11-15 03:03
Summary
Red Hat Bug Fix Advisory: rh-nodejs10 bug fix update
Notes
Topic
Updated rh-nodejs10 packages that fix one bug are now available for Red Hat Software Collections.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
This update fixes the following bug:
* Due to an incompatibility between the base RHEL zlib library and the rh-nodejs10 Software Collection packages, it was previously impossible to use the npm binary file for installing the Node.js packages or to use the "npm info" command. This bug has been fixed, and npm from the rh-nodejs10 Software Collection now works as expected. (BZ#1696153)
Users of rh-nodejs10 are advised to upgrade to these updated packages, which fix this bug.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated rh-nodejs10 packages that fix one bug are now available for Red Hat Software Collections.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.\n\nThis update fixes the following bug:\n\n* Due to an incompatibility between the base RHEL zlib library and the rh-nodejs10 Software Collection packages, it was previously impossible to use the npm binary file for installing the Node.js packages or to use the \"npm info\" command. This bug has been fixed, and npm from the rh-nodejs10 Software Collection now works as expected. (BZ#1696153)\n\nUsers of rh-nodejs10 are advised to upgrade to these updated packages, which fix this bug.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2019:0772",
"url": "https://access.redhat.com/errata/RHBA-2019:0772"
},
{
"category": "external",
"summary": "1696153",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1696153"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhba-2019_0772.json"
}
],
"title": "Red Hat Bug Fix Advisory: rh-nodejs10 bug fix update",
"tracking": {
"current_release_date": "2024-11-15T03:03:34+00:00",
"generator": {
"date": "2024-11-15T03:03:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHBA-2019:0772",
"initial_release_date": "2019-04-17T12:31:11+00:00",
"revision_history": [
{
"date": "2019-04-17T12:31:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-04-17T12:31:11+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T03:03:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.2-7.4.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.2-7.5.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.2-7.6.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Software Collections"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-nodejs10-nodejs-docs-0:10.10.0-3.el7.noarch",
"product": {
"name": "rh-nodejs10-nodejs-docs-0:10.10.0-3.el7.noarch",
"product_id": "rh-nodejs10-nodejs-docs-0:10.10.0-3.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nodejs10-nodejs-docs@10.10.0-3.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-nodejs10-nodejs-0:10.10.0-3.el7.aarch64",
"product": {
"name": "rh-nodejs10-nodejs-0:10.10.0-3.el7.aarch64",
"product_id": "rh-nodejs10-nodejs-0:10.10.0-3.el7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nodejs10-nodejs@10.10.0-3.el7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.aarch64",
"product": {
"name": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.aarch64",
"product_id": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nodejs10-nodejs-debuginfo@10.10.0-3.el7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.aarch64",
"product": {
"name": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.aarch64",
"product_id": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nodejs10-nodejs-devel@10.10.0-3.el7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.aarch64",
"product": {
"name": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.aarch64",
"product_id": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nodejs10-npm@6.4.1-10.10.0.3.el7?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-nodejs10-nodejs-0:10.10.0-3.el7.src",
"product": {
"name": "rh-nodejs10-nodejs-0:10.10.0-3.el7.src",
"product_id": "rh-nodejs10-nodejs-0:10.10.0-3.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nodejs10-nodejs@10.10.0-3.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-nodejs10-nodejs-0:10.10.0-3.el7.s390x",
"product": {
"name": "rh-nodejs10-nodejs-0:10.10.0-3.el7.s390x",
"product_id": "rh-nodejs10-nodejs-0:10.10.0-3.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nodejs10-nodejs@10.10.0-3.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.s390x",
"product": {
"name": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.s390x",
"product_id": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nodejs10-nodejs-debuginfo@10.10.0-3.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.s390x",
"product": {
"name": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.s390x",
"product_id": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nodejs10-nodejs-devel@10.10.0-3.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.s390x",
"product": {
"name": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.s390x",
"product_id": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nodejs10-npm@6.4.1-10.10.0.3.el7?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-nodejs10-nodejs-0:10.10.0-3.el7.ppc64le",
"product": {
"name": "rh-nodejs10-nodejs-0:10.10.0-3.el7.ppc64le",
"product_id": "rh-nodejs10-nodejs-0:10.10.0-3.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nodejs10-nodejs@10.10.0-3.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.ppc64le",
"product": {
"name": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.ppc64le",
"product_id": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nodejs10-nodejs-debuginfo@10.10.0-3.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.ppc64le",
"product": {
"name": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.ppc64le",
"product_id": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nodejs10-nodejs-devel@10.10.0-3.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.ppc64le",
"product": {
"name": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.ppc64le",
"product_id": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nodejs10-npm@6.4.1-10.10.0.3.el7?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-nodejs10-nodejs-0:10.10.0-3.el7.x86_64",
"product": {
"name": "rh-nodejs10-nodejs-0:10.10.0-3.el7.x86_64",
"product_id": "rh-nodejs10-nodejs-0:10.10.0-3.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nodejs10-nodejs@10.10.0-3.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.x86_64",
"product": {
"name": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.x86_64",
"product_id": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nodejs10-nodejs-debuginfo@10.10.0-3.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.x86_64",
"product": {
"name": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.x86_64",
"product_id": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nodejs10-nodejs-devel@10.10.0-3.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.x86_64",
"product": {
"name": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.x86_64",
"product_id": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nodejs10-npm@6.4.1-10.10.0.3.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-0:10.10.0-3.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.aarch64"
},
"product_reference": "rh-nodejs10-nodejs-0:10.10.0-3.el7.aarch64",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-0:10.10.0-3.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.ppc64le"
},
"product_reference": "rh-nodejs10-nodejs-0:10.10.0-3.el7.ppc64le",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-0:10.10.0-3.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.s390x"
},
"product_reference": "rh-nodejs10-nodejs-0:10.10.0-3.el7.s390x",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-0:10.10.0-3.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.src"
},
"product_reference": "rh-nodejs10-nodejs-0:10.10.0-3.el7.src",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-0:10.10.0-3.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.x86_64"
},
"product_reference": "rh-nodejs10-nodejs-0:10.10.0-3.el7.x86_64",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.aarch64"
},
"product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.aarch64",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.ppc64le"
},
"product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.ppc64le",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.s390x"
},
"product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.s390x",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.x86_64"
},
"product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.x86_64",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.aarch64"
},
"product_reference": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.aarch64",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.ppc64le"
},
"product_reference": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.ppc64le",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.s390x"
},
"product_reference": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.s390x",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.x86_64"
},
"product_reference": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.x86_64",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-docs-0:10.10.0-3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-docs-0:10.10.0-3.el7.noarch"
},
"product_reference": "rh-nodejs10-nodejs-docs-0:10.10.0-3.el7.noarch",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.aarch64"
},
"product_reference": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.aarch64",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.ppc64le"
},
"product_reference": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.ppc64le",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.s390x"
},
"product_reference": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.s390x",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.x86_64"
},
"product_reference": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.x86_64",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-0:10.10.0-3.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.ppc64le"
},
"product_reference": "rh-nodejs10-nodejs-0:10.10.0-3.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-0:10.10.0-3.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.s390x"
},
"product_reference": "rh-nodejs10-nodejs-0:10.10.0-3.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-0:10.10.0-3.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.src"
},
"product_reference": "rh-nodejs10-nodejs-0:10.10.0-3.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-0:10.10.0-3.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.x86_64"
},
"product_reference": "rh-nodejs10-nodejs-0:10.10.0-3.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.ppc64le"
},
"product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.s390x"
},
"product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.x86_64"
},
"product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.ppc64le"
},
"product_reference": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.s390x"
},
"product_reference": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.x86_64"
},
"product_reference": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-docs-0:10.10.0-3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-docs-0:10.10.0-3.el7.noarch"
},
"product_reference": "rh-nodejs10-nodejs-docs-0:10.10.0-3.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.ppc64le"
},
"product_reference": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.s390x"
},
"product_reference": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.x86_64"
},
"product_reference": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-0:10.10.0-3.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.ppc64le"
},
"product_reference": "rh-nodejs10-nodejs-0:10.10.0-3.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-0:10.10.0-3.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.s390x"
},
"product_reference": "rh-nodejs10-nodejs-0:10.10.0-3.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-0:10.10.0-3.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.src"
},
"product_reference": "rh-nodejs10-nodejs-0:10.10.0-3.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-0:10.10.0-3.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.x86_64"
},
"product_reference": "rh-nodejs10-nodejs-0:10.10.0-3.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.ppc64le"
},
"product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.s390x"
},
"product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.x86_64"
},
"product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.ppc64le"
},
"product_reference": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.s390x"
},
"product_reference": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.x86_64"
},
"product_reference": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-docs-0:10.10.0-3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-docs-0:10.10.0-3.el7.noarch"
},
"product_reference": "rh-nodejs10-nodejs-docs-0:10.10.0-3.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.ppc64le"
},
"product_reference": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.s390x"
},
"product_reference": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.x86_64"
},
"product_reference": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-0:10.10.0-3.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.ppc64le"
},
"product_reference": "rh-nodejs10-nodejs-0:10.10.0-3.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-0:10.10.0-3.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.s390x"
},
"product_reference": "rh-nodejs10-nodejs-0:10.10.0-3.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-0:10.10.0-3.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.src"
},
"product_reference": "rh-nodejs10-nodejs-0:10.10.0-3.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-0:10.10.0-3.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.x86_64"
},
"product_reference": "rh-nodejs10-nodejs-0:10.10.0-3.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.ppc64le"
},
"product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.s390x"
},
"product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.x86_64"
},
"product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.ppc64le"
},
"product_reference": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.s390x"
},
"product_reference": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.x86_64"
},
"product_reference": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-docs-0:10.10.0-3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-docs-0:10.10.0-3.el7.noarch"
},
"product_reference": "rh-nodejs10-nodejs-docs-0:10.10.0-3.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.ppc64le"
},
"product_reference": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.s390x"
},
"product_reference": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.x86_64"
},
"product_reference": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-0:10.10.0-3.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.aarch64"
},
"product_reference": "rh-nodejs10-nodejs-0:10.10.0-3.el7.aarch64",
"relates_to_product_reference": "7Server-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-0:10.10.0-3.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.ppc64le"
},
"product_reference": "rh-nodejs10-nodejs-0:10.10.0-3.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-0:10.10.0-3.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.s390x"
},
"product_reference": "rh-nodejs10-nodejs-0:10.10.0-3.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-0:10.10.0-3.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.src"
},
"product_reference": "rh-nodejs10-nodejs-0:10.10.0-3.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-0:10.10.0-3.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.x86_64"
},
"product_reference": "rh-nodejs10-nodejs-0:10.10.0-3.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.aarch64"
},
"product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.aarch64",
"relates_to_product_reference": "7Server-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.ppc64le"
},
"product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.s390x"
},
"product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.x86_64"
},
"product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.aarch64"
},
"product_reference": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.aarch64",
"relates_to_product_reference": "7Server-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.ppc64le"
},
"product_reference": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.s390x"
},
"product_reference": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.x86_64"
},
"product_reference": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-docs-0:10.10.0-3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.2:rh-nodejs10-nodejs-docs-0:10.10.0-3.el7.noarch"
},
"product_reference": "rh-nodejs10-nodejs-docs-0:10.10.0-3.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.aarch64"
},
"product_reference": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.aarch64",
"relates_to_product_reference": "7Server-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.ppc64le"
},
"product_reference": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.s390x"
},
"product_reference": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.x86_64"
},
"product_reference": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-0:10.10.0-3.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.aarch64"
},
"product_reference": "rh-nodejs10-nodejs-0:10.10.0-3.el7.aarch64",
"relates_to_product_reference": "7Workstation-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-0:10.10.0-3.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.ppc64le"
},
"product_reference": "rh-nodejs10-nodejs-0:10.10.0-3.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-0:10.10.0-3.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.s390x"
},
"product_reference": "rh-nodejs10-nodejs-0:10.10.0-3.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-0:10.10.0-3.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.src"
},
"product_reference": "rh-nodejs10-nodejs-0:10.10.0-3.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-0:10.10.0-3.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.x86_64"
},
"product_reference": "rh-nodejs10-nodejs-0:10.10.0-3.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.aarch64"
},
"product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.aarch64",
"relates_to_product_reference": "7Workstation-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.ppc64le"
},
"product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.s390x"
},
"product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.x86_64"
},
"product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.aarch64"
},
"product_reference": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.aarch64",
"relates_to_product_reference": "7Workstation-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.ppc64le"
},
"product_reference": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.s390x"
},
"product_reference": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.x86_64"
},
"product_reference": "rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-nodejs-docs-0:10.10.0-3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-docs-0:10.10.0-3.el7.noarch"
},
"product_reference": "rh-nodejs10-nodejs-docs-0:10.10.0-3.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.aarch64"
},
"product_reference": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.aarch64",
"relates_to_product_reference": "7Workstation-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.ppc64le"
},
"product_reference": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.s390x"
},
"product_reference": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.x86_64"
},
"product_reference": "rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-7166",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2018-08-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1620215"
}
],
"notes": [
{
"category": "description",
"text": "In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying `encoding` can be passed as a number, this is misinterpreted by `Buffer\u0027s` internal \"fill\" method as the `start` to a fill operation. This flaw may be abused where `Buffer.alloc()` arguments are derived from user input to return uncleared memory blocks that may contain sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Unintentional exposure of uninitialized memory",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.aarch64",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.ppc64le",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.s390x",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.src",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.x86_64",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.aarch64",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.ppc64le",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.s390x",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.x86_64",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.aarch64",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.ppc64le",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.s390x",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.x86_64",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-docs-0:10.10.0-3.el7.noarch",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.aarch64",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.ppc64le",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.s390x",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.x86_64",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.ppc64le",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.s390x",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.src",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.x86_64",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.ppc64le",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.s390x",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.x86_64",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.ppc64le",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.s390x",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.x86_64",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-docs-0:10.10.0-3.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.ppc64le",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.s390x",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.x86_64",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.ppc64le",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.s390x",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.src",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.x86_64",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.ppc64le",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.s390x",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.x86_64",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.ppc64le",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.s390x",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.x86_64",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-docs-0:10.10.0-3.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.ppc64le",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.s390x",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.x86_64",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.ppc64le",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.s390x",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.src",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.x86_64",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.ppc64le",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.s390x",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.x86_64",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.ppc64le",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.s390x",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.x86_64",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-docs-0:10.10.0-3.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.ppc64le",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.s390x",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.x86_64",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.aarch64",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.ppc64le",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.s390x",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.src",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.x86_64",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.aarch64",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.ppc64le",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.s390x",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.x86_64",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.aarch64",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.ppc64le",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.s390x",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.x86_64",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-docs-0:10.10.0-3.el7.noarch",
"7Server-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.aarch64",
"7Server-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.ppc64le",
"7Server-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.s390x",
"7Server-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.x86_64",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.aarch64",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.ppc64le",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.s390x",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.src",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.x86_64",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.aarch64",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.ppc64le",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.s390x",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.x86_64",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.aarch64",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.ppc64le",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.s390x",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.x86_64",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-docs-0:10.10.0-3.el7.noarch",
"7Workstation-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.aarch64",
"7Workstation-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.ppc64le",
"7Workstation-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.s390x",
"7Workstation-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-7166"
},
{
"category": "external",
"summary": "RHBZ#1620215",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620215"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-7166",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7166"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-7166",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7166"
}
],
"release_date": "2018-08-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-04-17T12:31:11+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.aarch64",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.ppc64le",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.s390x",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.src",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.x86_64",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.aarch64",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.ppc64le",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.s390x",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.x86_64",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.aarch64",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.ppc64le",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.s390x",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.x86_64",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-docs-0:10.10.0-3.el7.noarch",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.aarch64",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.ppc64le",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.s390x",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.x86_64",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.ppc64le",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.s390x",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.src",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.x86_64",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.ppc64le",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.s390x",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.x86_64",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.ppc64le",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.s390x",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.x86_64",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-docs-0:10.10.0-3.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.ppc64le",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.s390x",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.x86_64",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.ppc64le",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.s390x",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.src",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.x86_64",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.ppc64le",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.s390x",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.x86_64",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.ppc64le",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.s390x",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.x86_64",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-docs-0:10.10.0-3.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.ppc64le",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.s390x",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.x86_64",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.ppc64le",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.s390x",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.src",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.x86_64",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.ppc64le",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.s390x",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.x86_64",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.ppc64le",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.s390x",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.x86_64",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-docs-0:10.10.0-3.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.ppc64le",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.s390x",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.x86_64",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.aarch64",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.ppc64le",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.s390x",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.src",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.x86_64",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.aarch64",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.ppc64le",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.s390x",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.x86_64",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.aarch64",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.ppc64le",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.s390x",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.x86_64",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-docs-0:10.10.0-3.el7.noarch",
"7Server-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.aarch64",
"7Server-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.ppc64le",
"7Server-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.s390x",
"7Server-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.x86_64",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.aarch64",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.ppc64le",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.s390x",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.src",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.x86_64",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.aarch64",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.ppc64le",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.s390x",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.x86_64",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.aarch64",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.ppc64le",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.s390x",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.x86_64",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-docs-0:10.10.0-3.el7.noarch",
"7Workstation-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.aarch64",
"7Workstation-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.ppc64le",
"7Workstation-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.s390x",
"7Workstation-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2019:0772"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.aarch64",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.ppc64le",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.s390x",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.src",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.x86_64",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.aarch64",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.ppc64le",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.s390x",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.x86_64",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.aarch64",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.ppc64le",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.s390x",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.x86_64",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-nodejs-docs-0:10.10.0-3.el7.noarch",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.aarch64",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.ppc64le",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.s390x",
"7Server-Alt-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.x86_64",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.ppc64le",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.s390x",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.src",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.x86_64",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.ppc64le",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.s390x",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.x86_64",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.ppc64le",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.s390x",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.x86_64",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-nodejs-docs-0:10.10.0-3.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.ppc64le",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.s390x",
"7Server-RHSCL-3.2-7.4.Z:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.x86_64",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.ppc64le",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.s390x",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.src",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.x86_64",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.ppc64le",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.s390x",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.x86_64",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.ppc64le",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.s390x",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.x86_64",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-nodejs-docs-0:10.10.0-3.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.ppc64le",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.s390x",
"7Server-RHSCL-3.2-7.5.Z:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.x86_64",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.ppc64le",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.s390x",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.src",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-0:10.10.0-3.el7.x86_64",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.ppc64le",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.s390x",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.x86_64",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.ppc64le",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.s390x",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.x86_64",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-nodejs-docs-0:10.10.0-3.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.ppc64le",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.s390x",
"7Server-RHSCL-3.2-7.6.Z:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.x86_64",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.aarch64",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.ppc64le",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.s390x",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.src",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.x86_64",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.aarch64",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.ppc64le",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.s390x",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.x86_64",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.aarch64",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.ppc64le",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.s390x",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.x86_64",
"7Server-RHSCL-3.2:rh-nodejs10-nodejs-docs-0:10.10.0-3.el7.noarch",
"7Server-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.aarch64",
"7Server-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.ppc64le",
"7Server-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.s390x",
"7Server-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.x86_64",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.aarch64",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.ppc64le",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.s390x",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.src",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-0:10.10.0-3.el7.x86_64",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.aarch64",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.ppc64le",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.s390x",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-debuginfo-0:10.10.0-3.el7.x86_64",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.aarch64",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.ppc64le",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.s390x",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-devel-0:10.10.0-3.el7.x86_64",
"7Workstation-RHSCL-3.2:rh-nodejs10-nodejs-docs-0:10.10.0-3.el7.noarch",
"7Workstation-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.aarch64",
"7Workstation-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.ppc64le",
"7Workstation-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.s390x",
"7Workstation-RHSCL-3.2:rh-nodejs10-npm-0:6.4.1-10.10.0.3.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Unintentional exposure of uninitialized memory"
}
]
}
rhsa-2018_2553
Vulnerability from csaf_redhat
Published
2018-08-22 21:15
Modified
2024-11-22 12:07
Summary
Red Hat Security Advisory: Red Hat OpenShift Application Runtimes Node.js 10.9.0 security update
Notes
Topic
An update is now available for Red Hat OpenShift Application Runtimes.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Openshift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.
This release of RHOAR Node.js 10.9.0 serves as a replacement for RHOAR Node.js 10.8.0, and includes bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section.
Security Fix(es):
* openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732)
* nodejs: Unintentional exposure of uninitialized memory (CVE-2018-7166)
* nodejs: Out of bounds (OOB) write via UCS-2 encoding (CVE-2018-12115)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift Application Runtimes.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Openshift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.\n\nThis release of RHOAR Node.js 10.9.0 serves as a replacement for RHOAR Node.js 10.8.0, and includes bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section.\n\nSecurity Fix(es):\n\n* openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732)\n\n* nodejs: Unintentional exposure of uninitialized memory (CVE-2018-7166)\n\n* nodejs: Out of bounds (OOB) write via UCS-2 encoding (CVE-2018-12115)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:2553",
"url": "https://access.redhat.com/errata/RHSA-2018:2553"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html-single/red_hat_openshift_application_runtimes_release_notes/index#runtime_components_nodejs_rpm_packages",
"url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html-single/red_hat_openshift_application_runtimes_release_notes/index#runtime_components_nodejs_rpm_packages"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/"
},
{
"category": "external",
"summary": "1591100",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591100"
},
{
"category": "external",
"summary": "1620215",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620215"
},
{
"category": "external",
"summary": "1620219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620219"
},
{
"category": "external",
"summary": "NODE-152",
"url": "https://issues.redhat.com/browse/NODE-152"
},
{
"category": "external",
"summary": "NODE-153",
"url": "https://issues.redhat.com/browse/NODE-153"
},
{
"category": "external",
"summary": "NODE-154",
"url": "https://issues.redhat.com/browse/NODE-154"
},
{
"category": "external",
"summary": "NODE-155",
"url": "https://issues.redhat.com/browse/NODE-155"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2553.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Application Runtimes Node.js 10.9.0 security update",
"tracking": {
"current_release_date": "2024-11-22T12:07:29+00:00",
"generator": {
"date": "2024-11-22T12:07:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2018:2553",
"initial_release_date": "2018-08-22T21:15:00+00:00",
"revision_history": [
{
"date": "2018-08-22T21:15:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-08-22T21:15:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T12:07:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Application Runtimes Node.js 10",
"product": {
"name": "Red Hat OpenShift Application Runtimes Node.js 10",
"product_id": "7Server-RH7-RHOAR-NODEJS-10",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Application Runtimes"
},
{
"branches": [
{
"category": "product_version",
"name": "rhoar-nodejs-debuginfo-1:10.9.0-1.el7.x86_64",
"product": {
"name": "rhoar-nodejs-debuginfo-1:10.9.0-1.el7.x86_64",
"product_id": "rhoar-nodejs-debuginfo-1:10.9.0-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhoar-nodejs-debuginfo@10.9.0-1.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:6.2.0-1.10.9.0.1.el7.x86_64",
"product": {
"name": "npm-1:6.2.0-1.10.9.0.1.el7.x86_64",
"product_id": "npm-1:6.2.0-1.10.9.0.1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@6.2.0-1.10.9.0.1.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhoar-nodejs-1:10.9.0-1.el7.x86_64",
"product": {
"name": "rhoar-nodejs-1:10.9.0-1.el7.x86_64",
"product_id": "rhoar-nodejs-1:10.9.0-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhoar-nodejs@10.9.0-1.el7?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhoar-nodejs-docs-1:10.9.0-1.el7.noarch",
"product": {
"name": "rhoar-nodejs-docs-1:10.9.0-1.el7.noarch",
"product_id": "rhoar-nodejs-docs-1:10.9.0-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhoar-nodejs-docs@10.9.0-1.el7?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "rhoar-nodejs-1:10.9.0-1.el7.src",
"product": {
"name": "rhoar-nodejs-1:10.9.0-1.el7.src",
"product_id": "rhoar-nodejs-1:10.9.0-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhoar-nodejs@10.9.0-1.el7?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:6.2.0-1.10.9.0.1.el7.x86_64 as a component of Red Hat OpenShift Application Runtimes Node.js 10",
"product_id": "7Server-RH7-RHOAR-NODEJS-10:npm-1:6.2.0-1.10.9.0.1.el7.x86_64"
},
"product_reference": "npm-1:6.2.0-1.10.9.0.1.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOAR-NODEJS-10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhoar-nodejs-1:10.9.0-1.el7.src as a component of Red Hat OpenShift Application Runtimes Node.js 10",
"product_id": "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.src"
},
"product_reference": "rhoar-nodejs-1:10.9.0-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOAR-NODEJS-10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhoar-nodejs-1:10.9.0-1.el7.x86_64 as a component of Red Hat OpenShift Application Runtimes Node.js 10",
"product_id": "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.x86_64"
},
"product_reference": "rhoar-nodejs-1:10.9.0-1.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOAR-NODEJS-10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhoar-nodejs-debuginfo-1:10.9.0-1.el7.x86_64 as a component of Red Hat OpenShift Application Runtimes Node.js 10",
"product_id": "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-debuginfo-1:10.9.0-1.el7.x86_64"
},
"product_reference": "rhoar-nodejs-debuginfo-1:10.9.0-1.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOAR-NODEJS-10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhoar-nodejs-docs-1:10.9.0-1.el7.noarch as a component of Red Hat OpenShift Application Runtimes Node.js 10",
"product_id": "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-docs-1:10.9.0-1.el7.noarch"
},
"product_reference": "rhoar-nodejs-docs-1:10.9.0-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOAR-NODEJS-10"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-0732",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2018-06-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1591100"
}
],
"notes": [
{
"category": "description",
"text": "During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOAR-NODEJS-10:npm-1:6.2.0-1.10.9.0.1.el7.x86_64",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.src",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.x86_64",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-debuginfo-1:10.9.0-1.el7.x86_64",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-docs-1:10.9.0-1.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-0732"
},
{
"category": "external",
"summary": "RHBZ#1591100",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591100"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-0732",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0732",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0732"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20180612.txt",
"url": "https://www.openssl.org/news/secadv/20180612.txt"
}
],
"release_date": "2018-06-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-22T21:15:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOAR-NODEJS-10:npm-1:6.2.0-1.10.9.0.1.el7.x86_64",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.src",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.x86_64",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-debuginfo-1:10.9.0-1.el7.x86_64",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-docs-1:10.9.0-1.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOAR-NODEJS-10:npm-1:6.2.0-1.10.9.0.1.el7.x86_64",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.src",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.x86_64",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-debuginfo-1:10.9.0-1.el7.x86_64",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-docs-1:10.9.0-1.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang"
},
{
"cve": "CVE-2018-7166",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2018-08-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1620215"
}
],
"notes": [
{
"category": "description",
"text": "In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying `encoding` can be passed as a number, this is misinterpreted by `Buffer\u0027s` internal \"fill\" method as the `start` to a fill operation. This flaw may be abused where `Buffer.alloc()` arguments are derived from user input to return uncleared memory blocks that may contain sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Unintentional exposure of uninitialized memory",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOAR-NODEJS-10:npm-1:6.2.0-1.10.9.0.1.el7.x86_64",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.src",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.x86_64",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-debuginfo-1:10.9.0-1.el7.x86_64",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-docs-1:10.9.0-1.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-7166"
},
{
"category": "external",
"summary": "RHBZ#1620215",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620215"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-7166",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7166"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-7166",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7166"
}
],
"release_date": "2018-08-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-22T21:15:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOAR-NODEJS-10:npm-1:6.2.0-1.10.9.0.1.el7.x86_64",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.src",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.x86_64",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-debuginfo-1:10.9.0-1.el7.x86_64",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-docs-1:10.9.0-1.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOAR-NODEJS-10:npm-1:6.2.0-1.10.9.0.1.el7.x86_64",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.src",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.x86_64",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-debuginfo-1:10.9.0-1.el7.x86_64",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-docs-1:10.9.0-1.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Unintentional exposure of uninitialized memory"
},
{
"cve": "CVE-2018-12115",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2018-08-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1620219"
}
],
"notes": [
{
"category": "description",
"text": "In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `\u0027ucs2\u0027`, `\u0027ucs-2\u0027`, `\u0027utf16le\u0027` and `\u0027utf-16le\u0027`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Out of bounds (OOB) write via UCS-2 encoding",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Openshift Container Platform 3.x versions are potentially vulnerable via the jenkins-slave-nodejs and jenkins-agent-nodejs containers. However a build would have to occur with a malicious jenkins pipeline, or nodejs source code supplied by an attacker, reducing the impact of this flaw to moderate. Both container images used nodejs delivered from Red Hat Software Collections.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOAR-NODEJS-10:npm-1:6.2.0-1.10.9.0.1.el7.x86_64",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.src",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.x86_64",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-debuginfo-1:10.9.0-1.el7.x86_64",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-docs-1:10.9.0-1.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-12115"
},
{
"category": "external",
"summary": "RHBZ#1620219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620219"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-12115",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12115"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12115",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12115"
}
],
"release_date": "2018-08-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-22T21:15:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOAR-NODEJS-10:npm-1:6.2.0-1.10.9.0.1.el7.x86_64",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.src",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.x86_64",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-debuginfo-1:10.9.0-1.el7.x86_64",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-docs-1:10.9.0-1.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2553"
},
{
"category": "workaround",
"details": "On Openshift Container Platform 3.x you can override the container image used on the Jenkins Slave by specifying the JENKINS_SLAVE_IMAGE environment variable in your jenkins deployment configuration. Ref:\n\nhttps://github.com/openshift/jenkins/blob/8e1ab16fb5f44d6570018c5dfa3407692fdba6e5/2/contrib/jenkins/kube-slave-common.sh#L27-L33",
"product_ids": [
"7Server-RH7-RHOAR-NODEJS-10:npm-1:6.2.0-1.10.9.0.1.el7.x86_64",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.src",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.x86_64",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-debuginfo-1:10.9.0-1.el7.x86_64",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-docs-1:10.9.0-1.el7.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOAR-NODEJS-10:npm-1:6.2.0-1.10.9.0.1.el7.x86_64",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.src",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.x86_64",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-debuginfo-1:10.9.0-1.el7.x86_64",
"7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-docs-1:10.9.0-1.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Out of bounds (OOB) write via UCS-2 encoding"
}
]
}
ghsa-6v28-c2x2-8p46
Vulnerability from github
Published
2022-05-13 01:16
Modified
2022-05-13 01:16
Severity ?
Details
In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause Buffer.alloc() to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying encoding can be passed as a number, this is misinterpreted by Buffer's internal "fill" method as the start to a fill operation. This flaw may be abused where Buffer.alloc() arguments are derived from user input to return uncleared memory blocks that may contain sensitive information.
{
"affected": [],
"aliases": [
"CVE-2018-7166"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-08-21T12:29:00Z",
"severity": "HIGH"
},
"details": "In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying `encoding` can be passed as a number, this is misinterpreted by `Buffer\u0027s` internal \"fill\" method as the `start` to a fill operation. This flaw may be abused where `Buffer.alloc()` arguments are derived from user input to return uncleared memory blocks that may contain sensitive information.",
"id": "GHSA-6v28-c2x2-8p46",
"modified": "2022-05-13T01:16:08Z",
"published": "2022-05-13T01:16:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7166"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2553"
},
{
"type": "WEB",
"url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
gsd-2018-7166
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying `encoding` can be passed as a number, this is misinterpreted by `Buffer's` internal "fill" method as the `start` to a fill operation. This flaw may be abused where `Buffer.alloc()` arguments are derived from user input to return uncleared memory blocks that may contain sensitive information.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-7166",
"description": "In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying `encoding` can be passed as a number, this is misinterpreted by `Buffer\u0027s` internal \"fill\" method as the `start` to a fill operation. This flaw may be abused where `Buffer.alloc()` arguments are derived from user input to return uncleared memory blocks that may contain sensitive information.",
"id": "GSD-2018-7166",
"references": [
"https://www.suse.com/security/cve/CVE-2018-7166.html",
"https://access.redhat.com/errata/RHBA-2019:0772",
"https://access.redhat.com/errata/RHSA-2018:2553"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-7166"
],
"details": "In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying `encoding` can be passed as a number, this is misinterpreted by `Buffer\u0027s` internal \"fill\" method as the `start` to a fill operation. This flaw may be abused where `Buffer.alloc()` arguments are derived from user input to return uncleared memory blocks that may contain sensitive information.",
"id": "GSD-2018-7166",
"modified": "2023-12-13T01:22:33.152967Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve-request@iojs.org",
"DATE_PUBLIC": "2018-08-12T00:00:00",
"ID": "CVE-2018-7166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Node.js",
"version": {
"version_data": [
{
"version_value": "All versions of Node.js 10 prior to 10.9.0"
}
]
}
}
]
},
"vendor_name": "The Node.js Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying `encoding` can be passed as a number, this is misinterpreted by `Buffer\u0027s` internal \"fill\" method as the `start` to a fill operation. This flaw may be abused where `Buffer.alloc()` arguments are derived from user input to return uncleared memory blocks that may contain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-226: Sensitive Information Uncleared Before Release"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:2553",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2553"
},
{
"name": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/",
"refsource": "CONFIRM",
"url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.9.0",
"versionStartIncluding": "10.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve-request@iojs.org",
"ID": "CVE-2018-7166"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying `encoding` can be passed as a number, this is misinterpreted by `Buffer\u0027s` internal \"fill\" method as the `start` to a fill operation. This flaw may be abused where `Buffer.alloc()` arguments are derived from user input to return uncleared memory blocks that may contain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-908"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/"
},
{
"name": "RHSA-2018:2553",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2553"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2020-09-22T13:59Z",
"publishedDate": "2018-08-21T12:29Z"
}
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.