Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2019-16777
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:24:47.252Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "name": "openSUSE-SU-2020:0059", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html" }, { "name": "FEDORA-2020-595ce5e3cc", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/" }, { "name": "RHEA-2020:0330", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHEA-2020:0330" }, { "name": "RHSA-2020:0573", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2020:0573" }, { "name": "RHSA-2020:0579", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2020:0579" }, { "name": "RHSA-2020:0597", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2020:0597" }, { "name": "RHSA-2020:0602", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2020:0602" }, { "name": "GLSA-202003-48", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202003-48" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "cli", "vendor": "npm", "versions": [ { "lessThan": "6.13.4", "status": "affected", "version": "\u003c 6.13.4", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-20T20:06:15", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "name": "openSUSE-SU-2020:0059", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html" }, { "name": "FEDORA-2020-595ce5e3cc", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/" }, { "name": "RHEA-2020:0330", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHEA-2020:0330" }, { "name": "RHSA-2020:0573", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2020:0573" }, { "name": "RHSA-2020:0579", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2020:0579" }, { "name": "RHSA-2020:0597", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2020:0597" }, { "name": "RHSA-2020:0602", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2020:0602" }, { "name": "GLSA-202003-48", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202003-48" } ], "source": { "advisory": "GHSA-4328-8hgf-7wjr", "discovery": "UNKNOWN" }, "title": "Arbitrary File Overwrite in npm CLI", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2019-16777", "STATE": "PUBLIC", "TITLE": "Arbitrary File Overwrite in npm CLI" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "cli", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "\u003c 6.13.4", "version_value": "6.13.4" } ] } } ] }, "vendor_name": "npm" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli", "refsource": "MISC", "url": "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli" }, { "name": "https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr", "refsource": "CONFIRM", "url": "https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr" }, { "name": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "name": "openSUSE-SU-2020:0059", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html" }, { "name": "FEDORA-2020-595ce5e3cc", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/" }, { "name": "RHEA-2020:0330", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHEA-2020:0330" }, { "name": "RHSA-2020:0573", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0573" }, { "name": "RHSA-2020:0579", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0579" }, { "name": "RHSA-2020:0597", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0597" }, { "name": "RHSA-2020:0602", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0602" }, { "name": "GLSA-202003-48", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-48" } ] }, "source": { "advisory": "GHSA-4328-8hgf-7wjr", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2019-16777", "datePublished": "2019-12-13T01:00:21", "dateReserved": "2019-09-24T00:00:00", "dateUpdated": "2024-08-05T01:24:47.252Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2019-16777\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2019-12-13T01:15:11.007\",\"lastModified\":\"2024-11-21T04:31:10.213\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.\"},{\"lang\":\"es\",\"value\":\"Las versiones de la CLI npm anteriores a 6.13.4 son vulnerables a una Sobrescritura de Archivos Arbitrarios. No puede impedir que los binarios existentes instalados globalmente sean sobrescritos por otras instalaciones de paquete. Por ejemplo, si un paquete fue instalado globalmente y cre\u00f3 un binario de servicio, cualquier instalaci\u00f3n posterior de paquetes que tambi\u00e9n crea un binario de servicio sobrescribir\u00e1 el binario de servicio anterior. Este comportamiento todav\u00eda es permitido en instalaciones locales y tambi\u00e9n por medio de scripts de instalaci\u00f3n. Esta vulnerabilidad omite a un usuario que usa la opci\u00f3n de instalaci\u00f3n --ignore-scripts.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N\",\"baseScore\":7.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.3,\"impactScore\":5.8},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:P/A:P\",\"baseScore\":5.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:npmjs:npm:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.13.4\",\"matchCriteriaId\":\"A90A3634-8A7A-4F77-B15E-CED8B01204CC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:19.3.0.2:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"6B257954-6EF3-4CBF-A8A7-699F70F98153\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92BC9265-6959-4D37-BE5E-8C45E98992F8\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHEA-2020:0330\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0573\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0579\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0597\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0602\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://security.gentoo.org/glsa/202003-48\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2020.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHEA-2020:0330\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0573\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0579\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0597\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0602\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202003-48\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
rhsa-2020_0579
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.\n\nThe following packages have been upgraded to a later upstream version: nodejs (10.19.0).\n\nSecurity Fix(es):\n\n* nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605)\n\n* nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string (CVE-2019-15604)\n\n* nodejs: HTTP header values do not have trailing optional whitespace trimmed (CVE-2019-15606)\n\n* npm: Symlink reference outside of node_modules folder through the bin field upon installation (CVE-2019-16775)\n\n* npm: Arbitrary file write via constructed entry in the package.json bin field (CVE-2019-16776)\n\n* npm: Global node_modules Binary Overwrite (CVE-2019-16777)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:0579", "url": "https://access.redhat.com/errata/RHSA-2020:0579" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1788301", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788301" }, { "category": "external", "summary": "1788305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788305" }, { "category": "external", "summary": "1788310", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788310" }, { "category": "external", "summary": "1800364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800364" }, { "category": "external", "summary": "1800366", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800366" }, { "category": "external", "summary": "1800367", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800367" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0579.json" } ], "title": "Red Hat Security Advisory: nodejs:10 security update", "tracking": { "current_release_date": "2024-11-15T04:16:40+00:00", "generator": { "date": "2024-11-15T04:16:40+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2020:0579", "initial_release_date": "2020-02-25T08:39:40+00:00", "revision_history": [ { "date": "2020-02-25T08:39:40+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-02-25T08:39:40+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T04:16:40+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "nodejs:10:8010020200213140254:c27ad7f8", "product": { "name": "nodejs:10:8010020200213140254:c27ad7f8", "product_id": "nodejs:10:8010020200213140254:c27ad7f8", "product_identification_helper": { "purl": "pkg:rpmmod/redhat/nodejs@10:8010020200213140254:c27ad7f8" } } }, { "category": "product_version", "name": "nodejs-docs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.noarch", "product": { "name": "nodejs-docs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.noarch", "product_id": "nodejs-docs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-docs@10.19.0-1.module%2Bel8.1.0%2B5726%2B6ed65f8c?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "product": { "name": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "product_id": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@1.18.3-1.module%2Bel8%2B2632%2B6c5111ed?arch=noarch" } } }, { "category": "product_version", "name": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "product": { "name": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "product_id": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@17-3.module%2Bel8%2B2873%2Baa7dfd9a?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "product": { "name": "nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "product_id": "nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@10.19.0-1.module%2Bel8.1.0%2B5726%2B6ed65f8c?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "product": { "name": "nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "product_id": "nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@10.19.0-1.module%2Bel8.1.0%2B5726%2B6ed65f8c?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "product": { "name": "nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "product_id": "nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@10.19.0-1.module%2Bel8.1.0%2B5726%2B6ed65f8c?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "product": { "name": "nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "product_id": "nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@10.19.0-1.module%2Bel8.1.0%2B5726%2B6ed65f8c?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.aarch64", "product": { "name": "npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.aarch64", "product_id": "npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.13.4-1.10.19.0.1.module%2Bel8.1.0%2B5726%2B6ed65f8c?arch=aarch64\u0026epoch=1" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.src", "product": { "name": "nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.src", "product_id": "nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@10.19.0-1.module%2Bel8.1.0%2B5726%2B6ed65f8c?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "product": { "name": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "product_id": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@1.18.3-1.module%2Bel8%2B2632%2B6c5111ed?arch=src" } } }, { "category": "product_version", "name": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "product": { "name": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "product_id": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@17-3.module%2Bel8%2B2873%2Baa7dfd9a?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "product": { "name": "nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "product_id": "nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@10.19.0-1.module%2Bel8.1.0%2B5726%2B6ed65f8c?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "product": { "name": "nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "product_id": "nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@10.19.0-1.module%2Bel8.1.0%2B5726%2B6ed65f8c?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "product": { "name": "nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "product_id": "nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@10.19.0-1.module%2Bel8.1.0%2B5726%2B6ed65f8c?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "product": { "name": "nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "product_id": "nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@10.19.0-1.module%2Bel8.1.0%2B5726%2B6ed65f8c?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.ppc64le", "product": { "name": "npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.ppc64le", "product_id": "npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.13.4-1.10.19.0.1.module%2Bel8.1.0%2B5726%2B6ed65f8c?arch=ppc64le\u0026epoch=1" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "product": { "name": "nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "product_id": "nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@10.19.0-1.module%2Bel8.1.0%2B5726%2B6ed65f8c?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "product": { "name": "nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "product_id": "nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@10.19.0-1.module%2Bel8.1.0%2B5726%2B6ed65f8c?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "product": { "name": "nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "product_id": "nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@10.19.0-1.module%2Bel8.1.0%2B5726%2B6ed65f8c?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "product": { "name": "nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "product_id": "nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@10.19.0-1.module%2Bel8.1.0%2B5726%2B6ed65f8c?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.s390x", "product": { "name": "npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.s390x", "product_id": "npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.13.4-1.10.19.0.1.module%2Bel8.1.0%2B5726%2B6ed65f8c?arch=s390x\u0026epoch=1" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "product": { "name": "nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "product_id": "nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@10.19.0-1.module%2Bel8.1.0%2B5726%2B6ed65f8c?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "product": { "name": "nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "product_id": "nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@10.19.0-1.module%2Bel8.1.0%2B5726%2B6ed65f8c?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "product": { "name": "nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "product_id": "nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@10.19.0-1.module%2Bel8.1.0%2B5726%2B6ed65f8c?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "product": { "name": "nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "product_id": "nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@10.19.0-1.module%2Bel8.1.0%2B5726%2B6ed65f8c?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "product": { "name": "nodejs-devel-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "product_id": "nodejs-devel-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel-debuginfo@10.19.0-1.module%2Bel8.1.0%2B5726%2B6ed65f8c?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.x86_64", "product": { "name": "npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.x86_64", "product_id": "npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.13.4-1.10.19.0.1.module%2Bel8.1.0%2B5726%2B6ed65f8c?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "nodejs:10:8010020200213140254:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8" }, "product_reference": "nodejs:10:8010020200213140254:c27ad7f8", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64 as a component of nodejs:10:8010020200213140254:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64" }, "product_reference": "nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le as a component of nodejs:10:8010020200213140254:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le" }, "product_reference": "nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x as a component of nodejs:10:8010020200213140254:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x" }, "product_reference": "nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.src as a component of nodejs:10:8010020200213140254:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.src" }, "product_reference": "nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.src", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64 as a component of nodejs:10:8010020200213140254:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64" }, "product_reference": "nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64 as a component of nodejs:10:8010020200213140254:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64" }, "product_reference": "nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le as a component of nodejs:10:8010020200213140254:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le" }, "product_reference": "nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x as a component of nodejs:10:8010020200213140254:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x" }, "product_reference": "nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64 as a component of nodejs:10:8010020200213140254:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64" }, "product_reference": "nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64 as a component of nodejs:10:8010020200213140254:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64" }, "product_reference": "nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le as a component of nodejs:10:8010020200213140254:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le" }, "product_reference": "nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x as a component of nodejs:10:8010020200213140254:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x" }, "product_reference": "nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64 as a component of nodejs:10:8010020200213140254:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64" }, "product_reference": "nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64 as a component of nodejs:10:8010020200213140254:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64" }, "product_reference": "nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le as a component of nodejs:10:8010020200213140254:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le" }, "product_reference": "nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x as a component of nodejs:10:8010020200213140254:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x" }, "product_reference": "nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64 as a component of nodejs:10:8010020200213140254:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64" }, "product_reference": "nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64 as a component of nodejs:10:8010020200213140254:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64" }, "product_reference": "nodejs-devel-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-docs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.noarch as a component of nodejs:10:8010020200213140254:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-docs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.noarch" }, "product_reference": "nodejs-docs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch as a component of nodejs:10:8010020200213140254:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch" }, "product_reference": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src as a component of nodejs:10:8010020200213140254:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src" }, "product_reference": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch as a component of nodejs:10:8010020200213140254:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch" }, "product_reference": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src as a component of nodejs:10:8010020200213140254:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src" }, "product_reference": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.aarch64 as a component of nodejs:10:8010020200213140254:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.aarch64" }, "product_reference": "npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.aarch64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.ppc64le as a component of nodejs:10:8010020200213140254:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.ppc64le" }, "product_reference": "npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.ppc64le", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.s390x as a component of nodejs:10:8010020200213140254:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.s390x" }, "product_reference": "npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.s390x", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.x86_64 as a component of nodejs:10:8010020200213140254:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.x86_64" }, "product_reference": "npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.x86_64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-15604", "cwe": { "id": "CWE-172", "name": "Encoding Error" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800367" } ], "notes": [ { "category": "description", "text": "An encoding error flaw exists in the Node.js code that is used to read a peer certificate in the TLS client authentication. An attacker can use this flaw to crash the process used to handle TLS client authentication.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-docs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-15604" }, { "category": "external", "summary": "RHBZ#1800367", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800367" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-15604", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15604" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15604", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15604" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/" } ], "release_date": "2020-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T08:39:40+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-docs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0579" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-docs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string" }, { "cve": "CVE-2019-15605", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800364" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Node.js code where a specially crafted HTTP(s) request sent to a Node.js server failed to properly process the HTTP(s) headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.js server is deployed behind a proxy server that reuses connections.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: HTTP request smuggling using malformed Transfer-Encoding header", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-docs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-15605" }, { "category": "external", "summary": "RHBZ#1800364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800364" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-15605", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15605" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15605", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15605" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/" } ], "release_date": "2020-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T08:39:40+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-docs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0579" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", "version": "3.1" }, "products": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-docs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "nodejs: HTTP request smuggling using malformed Transfer-Encoding header" }, { "cve": "CVE-2019-15606", "cwe": { "id": "CWE-138", "name": "Improper Neutralization of Special Elements" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800366" } ], "notes": [ { "category": "description", "text": "A flaw was found in Node.js where the HTTP(s) header values were not stripped of trailing whitespace. An attacker can use this flaw to send an HTTP(s) request which is validated by an upstream proxy server, but not by the Node.js HTTP(s) server.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: HTTP header values do not have trailing optional whitespace trimmed", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-docs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-15606" }, { "category": "external", "summary": "RHBZ#1800366", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800366" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-15606", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15606" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15606", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15606" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/" } ], "release_date": "2020-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T08:39:40+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-docs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0579" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-docs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: HTTP header values do not have trailing optional whitespace trimmed" }, { "cve": "CVE-2019-16775", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-12-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1788305" } ], "notes": [ { "category": "description", "text": "Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user\u0027s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.", "title": "Vulnerability description" }, { "category": "summary", "text": "npm: Symlink reference outside of node_modules folder through the bin field upon installation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-docs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16775" }, { "category": "external", "summary": "RHBZ#1788305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788305" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16775", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16775" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16775", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16775" } ], "release_date": "2019-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T08:39:40+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-docs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0579" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-docs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "npm: Symlink reference outside of node_modules folder through the bin field upon installation" }, { "cve": "CVE-2019-16776", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-12-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1788310" } ], "notes": [ { "category": "description", "text": "Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user\u0027s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.", "title": "Vulnerability description" }, { "category": "summary", "text": "npm: Arbitrary file write via constructed entry in the package.json bin field", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-docs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16776" }, { "category": "external", "summary": "RHBZ#1788310", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788310" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16776", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16776" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16776", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16776" } ], "release_date": "2019-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T08:39:40+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-docs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0579" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-docs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "npm: Arbitrary file write via constructed entry in the package.json bin field" }, { "cve": "CVE-2019-16777", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-12-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1788301" } ], "notes": [ { "category": "description", "text": "Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.", "title": "Vulnerability description" }, { "category": "summary", "text": "npm: Global node_modules Binary Overwrite", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-docs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16777" }, { "category": "external", "summary": "RHBZ#1788301", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788301" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16777", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16777" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16777", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16777" } ], "release_date": "2019-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T08:39:40+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-docs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0579" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-docs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:10:8010020200213140254:c27ad7f8:npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "npm: Global node_modules Binary Overwrite" } ] }
rhsa-2020_2625
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for rh-nodejs8-nodejs is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.\n\nThe following packages have been upgraded to a later upstream version: rh-nodejs8-nodejs (8.17.0). (BZ#1829414)\n\nSecurity Fix(es):\n\n* nodejs-brace-expansion: Regular expression denial of service (CVE-2017-18077)\n\n* nodejs-chownr: TOCTOU vulnerability in `chownr` function in chownr.js (CVE-2017-18869)\n\n* nodejs-sshpk: ReDoS when parsing crafted invalid public keys in lib/formats/ssh.js (CVE-2018-3737)\n\n* nodejs-deep-extend: Prototype pollution can allow attackers to modify object properties (CVE-2018-3750)\n\n* npm: Symlink reference outside of node_modules folder through the bin field upon installation (CVE-2019-16775)\n\n* npm: Arbitrary file write via constructed entry in the package.json bin field (CVE-2019-16776)\n\n* npm: Global node_modules Binary Overwrite (CVE-2019-16777)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:2625", "url": "https://access.redhat.com/errata/RHSA-2020:2625" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1448380", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1448380" }, { "category": "external", "summary": "1567228", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1567228" }, { "category": "external", "summary": "1578246", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578246" }, { "category": "external", "summary": "1611613", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1611613" }, { "category": "external", "summary": "1788301", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788301" }, { "category": "external", "summary": "1788305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788305" }, { "category": "external", "summary": "1788310", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788310" }, { "category": "external", "summary": "1829414", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1829414" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_2625.json" } ], "title": "Red Hat Security Advisory: rh-nodejs8-nodejs security update", "tracking": { "current_release_date": "2024-11-15T04:20:59+00:00", "generator": { "date": "2024-11-15T04:20:59+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2020:2625", "initial_release_date": "2020-06-19T03:46:11+00:00", "revision_history": [ { "date": "2020-06-19T03:46:11+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-06-19T03:46:11+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T04:20:59+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.5", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.5", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.5", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.5-7.6.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.5-7.7.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } } ], "category": "product_family", "name": "Red Hat Software Collections" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "product": { "name": "rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "product_id": "rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs@8.17.0-2.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "product": { "name": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "product_id": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs-devel@8.17.0-2.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "product": { "name": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "product_id": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-npm@6.13.4-8.17.0.2.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "product": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "product_id": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs-debuginfo@8.17.0-2.el7?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "product": { "name": "rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "product_id": "rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs@8.17.0-2.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "product": { "name": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "product_id": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs-devel@8.17.0-2.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "product": { "name": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "product_id": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-npm@6.13.4-8.17.0.2.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "product": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "product_id": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs-debuginfo@8.17.0-2.el7?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "product": { "name": "rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "product_id": "rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs@8.17.0-2.el7?arch=aarch64" } } }, { "category": "product_version", "name": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "product": { "name": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "product_id": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs-devel@8.17.0-2.el7?arch=aarch64" } } }, { "category": "product_version", "name": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "product": { "name": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "product_id": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-npm@6.13.4-8.17.0.2.el7?arch=aarch64" } } }, { "category": "product_version", "name": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "product": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "product_id": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs-debuginfo@8.17.0-2.el7?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "product": { "name": "rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "product_id": "rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs@8.17.0-2.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "product": { "name": "rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "product_id": "rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs-docs@8.17.0-2.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "product": { "name": "rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "product_id": "rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs@8.17.0-2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "product": { "name": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "product_id": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs-devel@8.17.0-2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "product": { "name": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "product_id": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-npm@6.13.4-8.17.0.2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "product": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "product_id": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs-debuginfo@8.17.0-2.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64" }, "product_reference": "rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "relates_to_product_reference": "7Server-Alt-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "relates_to_product_reference": "7Server-Alt-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.17.0-2.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src" }, "product_reference": "rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "relates_to_product_reference": "7Server-Alt-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "relates_to_product_reference": "7Server-Alt-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "relates_to_product_reference": "7Server-Alt-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "relates_to_product_reference": "7Server-Alt-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "relates_to_product_reference": "7Server-Alt-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch" }, "product_reference": "rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "relates_to_product_reference": "7Server-Alt-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64" }, "product_reference": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le" }, "product_reference": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "relates_to_product_reference": "7Server-Alt-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x" }, "product_reference": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "relates_to_product_reference": "7Server-Alt-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64" }, "product_reference": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.17.0-2.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src" }, "product_reference": "rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch" }, "product_reference": "rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le" }, "product_reference": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x" }, "product_reference": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64" }, "product_reference": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.17.0-2.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src" }, "product_reference": "rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch" }, "product_reference": "rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le" }, "product_reference": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x" }, "product_reference": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64" }, "product_reference": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64" }, "product_reference": "rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "relates_to_product_reference": "7Server-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.17.0-2.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src" }, "product_reference": "rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "relates_to_product_reference": "7Server-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "relates_to_product_reference": "7Server-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch" }, "product_reference": "rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64" }, "product_reference": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "relates_to_product_reference": "7Server-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le" }, "product_reference": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x" }, "product_reference": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64" }, "product_reference": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64" }, "product_reference": "rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "relates_to_product_reference": "7Workstation-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.17.0-2.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src" }, "product_reference": "rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "relates_to_product_reference": "7Workstation-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "relates_to_product_reference": "7Workstation-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "relates_to_product_reference": "7Workstation-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch" }, "product_reference": "rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "relates_to_product_reference": "7Workstation-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64" }, "product_reference": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "relates_to_product_reference": "7Workstation-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le" }, "product_reference": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x" }, "product_reference": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64" }, "product_reference": "rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.5" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-18077", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2017-04-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1448380" } ], "notes": [ { "category": "description", "text": "index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-brace-expansion: Regular expression denial of service", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Quay include brace-explansion as a build time dependency. It\u0027s not used at runtime and hence has a reduce impact of low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-18077" }, { "category": "external", "summary": "RHBZ#1448380", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1448380" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-18077", "url": "https://www.cve.org/CVERecord?id=CVE-2017-18077" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-18077", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18077" } ], "release_date": "2017-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-06-19T03:46:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2625" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs-brace-expansion: Regular expression denial of service" }, { "cve": "CVE-2017-18869", "cwe": { "id": "CWE-367", "name": "Time-of-check Time-of-use (TOCTOU) Race Condition" }, "discovery_date": "2018-07-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1611613" } ], "notes": [ { "category": "description", "text": "A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-chownr: TOCTOU vulnerability in `chownr` function in chownr.js", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-18869" }, { "category": "external", "summary": "RHBZ#1611613", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1611613" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-18869", "url": "https://www.cve.org/CVERecord?id=CVE-2017-18869" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-18869", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18869" } ], "release_date": "2018-07-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-06-19T03:46:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2625" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs-chownr: TOCTOU vulnerability in `chownr` function in chownr.js" }, { "cve": "CVE-2018-3737", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2018-04-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1567228" } ], "notes": [ { "category": "description", "text": "sshpk is vulnerable to ReDoS when parsing crafted invalid public keys.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-sshpk: ReDoS when parsing crafted invalid public keys in lib/formats/ssh.js", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Quay includes sshpk as a dependency of protractor which is only used during a build. The sshpk dependency is not used at runtime therefore this vulnerability has a low impact for Red Hat Quay.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-3737" }, { "category": "external", "summary": "RHBZ#1567228", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1567228" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-3737", "url": "https://www.cve.org/CVERecord?id=CVE-2018-3737" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-3737", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3737" } ], "release_date": "2018-03-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-06-19T03:46:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2625" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs-sshpk: ReDoS when parsing crafted invalid public keys in lib/formats/ssh.js" }, { "cve": "CVE-2018-3750", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2018-05-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1578246" } ], "notes": [ { "category": "description", "text": "The utilities function in all versions \u003c= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-deep-extend: Prototype pollution can allow attackers to modify object properties", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-3750" }, { "category": "external", "summary": "RHBZ#1578246", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578246" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-3750", "url": "https://www.cve.org/CVERecord?id=CVE-2018-3750" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-3750", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3750" }, { "category": "external", "summary": "https://hackerone.com/reports/311333", "url": "https://hackerone.com/reports/311333" }, { "category": "external", "summary": "https://nodesecurity.io/advisories/612", "url": "https://nodesecurity.io/advisories/612" } ], "release_date": "2018-04-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-06-19T03:46:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2625" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "version": "3.0" }, "products": [ "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "nodejs-deep-extend: Prototype pollution can allow attackers to modify object properties" }, { "cve": "CVE-2019-16775", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-12-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1788305" } ], "notes": [ { "category": "description", "text": "Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user\u0027s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.", "title": "Vulnerability description" }, { "category": "summary", "text": "npm: Symlink reference outside of node_modules folder through the bin field upon installation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16775" }, { "category": "external", "summary": "RHBZ#1788305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788305" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16775", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16775" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16775", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16775" } ], "release_date": "2019-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-06-19T03:46:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2625" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "npm: Symlink reference outside of node_modules folder through the bin field upon installation" }, { "cve": "CVE-2019-16776", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-12-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1788310" } ], "notes": [ { "category": "description", "text": "Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user\u0027s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.", "title": "Vulnerability description" }, { "category": "summary", "text": "npm: Arbitrary file write via constructed entry in the package.json bin field", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16776" }, { "category": "external", "summary": "RHBZ#1788310", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788310" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16776", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16776" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16776", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16776" } ], "release_date": "2019-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-06-19T03:46:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2625" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "npm: Arbitrary file write via constructed entry in the package.json bin field" }, { "cve": "CVE-2019-16777", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-12-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1788301" } ], "notes": [ { "category": "description", "text": "Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.", "title": "Vulnerability description" }, { "category": "summary", "text": "npm: Global node_modules Binary Overwrite", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16777" }, { "category": "external", "summary": "RHBZ#1788301", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788301" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16777", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16777" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16777", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16777" } ], "release_date": "2019-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-06-19T03:46:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2625" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-Alt-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.6.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5-7.7.Z:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Server-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Server-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.src", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-debuginfo-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-devel-0:8.17.0-2.el7.x86_64", "7Workstation-RHSCL-3.5:rh-nodejs8-nodejs-docs-0:8.17.0-2.el7.noarch", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.aarch64", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.ppc64le", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.s390x", "7Workstation-RHSCL-3.5:rh-nodejs8-npm-0:6.13.4-8.17.0.2.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "npm: Global node_modules Binary Overwrite" } ] }
rhsa-2020_0597
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for rh-nodejs10-nodejs is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.\n\nThe following packages have been upgraded to a later upstream version: rh-nodejs10-nodejs (10.19.0).\n\nSecurity Fix(es):\n\n* nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605)\n\n* nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string (CVE-2019-15604)\n\n* nodejs: HTTP header values do not have trailing optional whitespace trimmed (CVE-2019-15606)\n\n* npm: Symlink reference outside of node_modules folder through the bin field upon installation (CVE-2019-16775)\n\n* npm: Arbitrary file write via constructed entry in the package.json bin field (CVE-2019-16776)\n\n* npm: Global node_modules Binary Overwrite (CVE-2019-16777)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:0597", "url": "https://access.redhat.com/errata/RHSA-2020:0597" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1788301", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788301" }, { "category": "external", "summary": "1788305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788305" }, { "category": "external", "summary": "1788310", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788310" }, { "category": "external", "summary": "1800364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800364" }, { "category": "external", "summary": "1800366", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800366" }, { "category": "external", "summary": "1800367", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800367" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0597.json" } ], "title": "Red Hat Security Advisory: rh-nodejs10-nodejs security update", "tracking": { "current_release_date": "2024-11-15T04:15:45+00:00", "generator": { "date": "2024-11-15T04:15:45+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2020:0597", "initial_release_date": "2020-02-25T13:07:32+00:00", "revision_history": [ { "date": "2020-02-25T13:07:32+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-02-25T13:07:32+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T04:15:45+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } } ], "category": "product_family", "name": "Red Hat Software Collections" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "product": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "product_id": "rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs10-nodejs@10.19.0-1.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "product": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "product_id": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs10-nodejs-devel@10.19.0-1.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "product": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "product_id": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs10-npm@6.13.4-10.19.0.1.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "product": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "product_id": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs10-nodejs-debuginfo@10.19.0-1.el7?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "product": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "product_id": "rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs10-nodejs@10.19.0-1.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "product": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "product_id": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs10-nodejs-devel@10.19.0-1.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "product": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "product_id": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs10-npm@6.13.4-10.19.0.1.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "product": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "product_id": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs10-nodejs-debuginfo@10.19.0-1.el7?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "product": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "product_id": "rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs10-nodejs@10.19.0-1.el7?arch=aarch64" } } }, { "category": "product_version", "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "product": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "product_id": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs10-nodejs-devel@10.19.0-1.el7?arch=aarch64" } } }, { "category": "product_version", "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "product": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "product_id": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs10-npm@6.13.4-10.19.0.1.el7?arch=aarch64" } } }, { "category": "product_version", "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "product": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "product_id": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs10-nodejs-debuginfo@10.19.0-1.el7?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "product": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "product_id": "rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs10-nodejs@10.19.0-1.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "product": { "name": "rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "product_id": "rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs10-nodejs-docs@10.19.0-1.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "product": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "product_id": "rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs10-nodejs@10.19.0-1.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "product": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "product_id": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs10-nodejs-devel@10.19.0-1.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "product": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "product_id": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs10-npm@6.13.4-10.19.0.1.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "product": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "product_id": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs10-nodejs-debuginfo@10.19.0-1.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch" }, "product_reference": "rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch" }, "product_reference": "rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch" }, "product_reference": "rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch" }, "product_reference": "rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch" }, "product_reference": "rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64" }, "product_reference": "rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64" }, "product_reference": "rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64" }, "product_reference": "rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch" }, "product_reference": "rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" }, "product_reference": "rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-15604", "cwe": { "id": "CWE-172", "name": "Encoding Error" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800367" } ], "notes": [ { "category": "description", "text": "An encoding error flaw exists in the Node.js code that is used to read a peer certificate in the TLS client authentication. An attacker can use this flaw to crash the process used to handle TLS client authentication.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-15604" }, { "category": "external", "summary": "RHBZ#1800367", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800367" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-15604", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15604" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15604", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15604" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/" } ], "release_date": "2020-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T13:07:32+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0597" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string" }, { "cve": "CVE-2019-15605", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800364" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Node.js code where a specially crafted HTTP(s) request sent to a Node.js server failed to properly process the HTTP(s) headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.js server is deployed behind a proxy server that reuses connections.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: HTTP request smuggling using malformed Transfer-Encoding header", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-15605" }, { "category": "external", "summary": "RHBZ#1800364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800364" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-15605", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15605" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15605", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15605" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/" } ], "release_date": "2020-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T13:07:32+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0597" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", "version": "3.1" }, "products": [ "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "nodejs: HTTP request smuggling using malformed Transfer-Encoding header" }, { "cve": "CVE-2019-15606", "cwe": { "id": "CWE-138", "name": "Improper Neutralization of Special Elements" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800366" } ], "notes": [ { "category": "description", "text": "A flaw was found in Node.js where the HTTP(s) header values were not stripped of trailing whitespace. An attacker can use this flaw to send an HTTP(s) request which is validated by an upstream proxy server, but not by the Node.js HTTP(s) server.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: HTTP header values do not have trailing optional whitespace trimmed", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-15606" }, { "category": "external", "summary": "RHBZ#1800366", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800366" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-15606", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15606" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15606", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15606" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/" } ], "release_date": "2020-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T13:07:32+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0597" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: HTTP header values do not have trailing optional whitespace trimmed" }, { "cve": "CVE-2019-16775", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-12-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1788305" } ], "notes": [ { "category": "description", "text": "Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user\u0027s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.", "title": "Vulnerability description" }, { "category": "summary", "text": "npm: Symlink reference outside of node_modules folder through the bin field upon installation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16775" }, { "category": "external", "summary": "RHBZ#1788305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788305" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16775", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16775" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16775", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16775" } ], "release_date": "2019-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T13:07:32+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0597" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "npm: Symlink reference outside of node_modules folder through the bin field upon installation" }, { "cve": "CVE-2019-16776", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-12-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1788310" } ], "notes": [ { "category": "description", "text": "Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user\u0027s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.", "title": "Vulnerability description" }, { "category": "summary", "text": "npm: Arbitrary file write via constructed entry in the package.json bin field", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16776" }, { "category": "external", "summary": "RHBZ#1788310", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788310" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16776", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16776" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16776", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16776" } ], "release_date": "2019-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T13:07:32+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0597" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "npm: Arbitrary file write via constructed entry in the package.json bin field" }, { "cve": "CVE-2019-16777", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-12-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1788301" } ], "notes": [ { "category": "description", "text": "Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.", "title": "Vulnerability description" }, { "category": "summary", "text": "npm: Global node_modules Binary Overwrite", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16777" }, { "category": "external", "summary": "RHBZ#1788301", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788301" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16777", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16777" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16777", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16777" } ], "release_date": "2019-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T13:07:32+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0597" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-devel-0:10.19.0-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs10-nodejs-docs-0:10.19.0-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "npm: Global node_modules Binary Overwrite" } ] }
rhsa-2020_0573
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.\n\nThe following packages have been upgraded to a later upstream version: nodejs (10.19.0).\n\nSecurity Fix(es):\n\n* nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605)\n\n* nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string (CVE-2019-15604)\n\n* nodejs: HTTP header values do not have trailing optional whitespace trimmed (CVE-2019-15606)\n\n* npm: Symlink reference outside of node_modules folder through the bin field upon installation (CVE-2019-16775)\n\n* npm: Arbitrary file write via constructed entry in the package.json bin field (CVE-2019-16776)\n\n* npm: Global node_modules Binary Overwrite (CVE-2019-16777)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:0573", "url": "https://access.redhat.com/errata/RHSA-2020:0573" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1788301", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788301" }, { "category": "external", "summary": "1788305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788305" }, { "category": "external", "summary": "1788310", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788310" }, { "category": "external", "summary": "1800364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800364" }, { "category": "external", "summary": "1800366", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800366" }, { "category": "external", "summary": "1800367", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800367" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0573.json" } ], "title": "Red Hat Security Advisory: nodejs:10 security update", "tracking": { "current_release_date": "2024-11-15T04:16:33+00:00", "generator": { "date": "2024-11-15T04:16:33+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2020:0573", "initial_release_date": "2020-02-24T12:55:00+00:00", "revision_history": [ { "date": "2020-02-24T12:55:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-02-24T12:55:00+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T04:16:33+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product": { "name": "Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product_id": "AppStream-8.0.0.Z.E4S", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_e4s:8.0::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "nodejs:10:8000020200214110450:f8e95b4e", "product": { "name": "nodejs:10:8000020200214110450:f8e95b4e", "product_id": "nodejs:10:8000020200214110450:f8e95b4e", "product_identification_helper": { "purl": "pkg:rpmmod/redhat/nodejs@10:8000020200214110450:f8e95b4e" } } }, { "category": "product_version", "name": "nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.noarch", "product": { "name": "nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.noarch", "product_id": "nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-docs@10.19.0-1.module%2Bel8.0.0%2B5738%2B1362a79c?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "product": { "name": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "product_id": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@1.18.3-1.module%2Bel8%2B2632%2B6c5111ed?arch=noarch" } } }, { "category": "product_version", "name": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "product": { "name": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "product_id": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@17-3.module%2Bel8%2B2873%2Baa7dfd9a?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.src", "product": { "name": "nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.src", "product_id": "nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@10.19.0-1.module%2Bel8.0.0%2B5738%2B1362a79c?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "product": { "name": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "product_id": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@1.18.3-1.module%2Bel8%2B2632%2B6c5111ed?arch=src" } } }, { "category": "product_version", "name": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "product": { "name": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "product_id": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@17-3.module%2Bel8%2B2873%2Baa7dfd9a?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "product": { "name": "nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "product_id": "nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@10.19.0-1.module%2Bel8.0.0%2B5738%2B1362a79c?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "product": { "name": "nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "product_id": "nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@10.19.0-1.module%2Bel8.0.0%2B5738%2B1362a79c?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "product": { "name": "nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "product_id": "nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@10.19.0-1.module%2Bel8.0.0%2B5738%2B1362a79c?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "product": { "name": "nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "product_id": "nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@10.19.0-1.module%2Bel8.0.0%2B5738%2B1362a79c?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.ppc64le", "product": { "name": "npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.ppc64le", "product_id": "npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.13.4-1.10.19.0.1.module%2Bel8.0.0%2B5738%2B1362a79c?arch=ppc64le\u0026epoch=1" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "product": { "name": "nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "product_id": "nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@10.19.0-1.module%2Bel8.0.0%2B5738%2B1362a79c?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "product": { "name": "nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "product_id": "nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@10.19.0-1.module%2Bel8.0.0%2B5738%2B1362a79c?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "product": { "name": "nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "product_id": "nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@10.19.0-1.module%2Bel8.0.0%2B5738%2B1362a79c?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "product": { "name": "nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "product_id": "nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@10.19.0-1.module%2Bel8.0.0%2B5738%2B1362a79c?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "product": { "name": "nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "product_id": "nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel-debuginfo@10.19.0-1.module%2Bel8.0.0%2B5738%2B1362a79c?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.x86_64", "product": { "name": "npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.x86_64", "product_id": "npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.13.4-1.10.19.0.1.module%2Bel8.0.0%2B5738%2B1362a79c?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "nodejs:10:8000020200214110450:f8e95b4e as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product_id": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e" }, "product_reference": "nodejs:10:8000020200214110450:f8e95b4e", "relates_to_product_reference": "AppStream-8.0.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le as a component of nodejs:10:8000020200214110450:f8e95b4e as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product_id": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le" }, "product_reference": "nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "relates_to_product_reference": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.src as a component of nodejs:10:8000020200214110450:f8e95b4e as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product_id": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.src" }, "product_reference": "nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.src", "relates_to_product_reference": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64 as a component of nodejs:10:8000020200214110450:f8e95b4e as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product_id": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64" }, "product_reference": "nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "relates_to_product_reference": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le as a component of nodejs:10:8000020200214110450:f8e95b4e as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product_id": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le" }, "product_reference": "nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "relates_to_product_reference": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64 as a component of nodejs:10:8000020200214110450:f8e95b4e as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product_id": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64" }, "product_reference": "nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "relates_to_product_reference": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le as a component of nodejs:10:8000020200214110450:f8e95b4e as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product_id": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le" }, "product_reference": "nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "relates_to_product_reference": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64 as a component of nodejs:10:8000020200214110450:f8e95b4e as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product_id": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64" }, "product_reference": "nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "relates_to_product_reference": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le as a component of nodejs:10:8000020200214110450:f8e95b4e as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product_id": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le" }, "product_reference": "nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "relates_to_product_reference": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64 as a component of nodejs:10:8000020200214110450:f8e95b4e as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product_id": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64" }, "product_reference": "nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "relates_to_product_reference": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64 as a component of nodejs:10:8000020200214110450:f8e95b4e as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product_id": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64" }, "product_reference": "nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "relates_to_product_reference": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.noarch as a component of nodejs:10:8000020200214110450:f8e95b4e as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product_id": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.noarch" }, "product_reference": "nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.noarch", "relates_to_product_reference": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch as a component of nodejs:10:8000020200214110450:f8e95b4e as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product_id": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch" }, "product_reference": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "relates_to_product_reference": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src as a component of nodejs:10:8000020200214110450:f8e95b4e as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product_id": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src" }, "product_reference": "nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "relates_to_product_reference": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch as a component of nodejs:10:8000020200214110450:f8e95b4e as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product_id": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch" }, "product_reference": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "relates_to_product_reference": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src as a component of nodejs:10:8000020200214110450:f8e95b4e as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product_id": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src" }, "product_reference": "nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "relates_to_product_reference": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.ppc64le as a component of nodejs:10:8000020200214110450:f8e95b4e as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product_id": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.ppc64le" }, "product_reference": "npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.ppc64le", "relates_to_product_reference": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.x86_64 as a component of nodejs:10:8000020200214110450:f8e95b4e as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)", "product_id": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.x86_64" }, "product_reference": "npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.x86_64", "relates_to_product_reference": "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-15604", "cwe": { "id": "CWE-172", "name": "Encoding Error" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800367" } ], "notes": [ { "category": "description", "text": "An encoding error flaw exists in the Node.js code that is used to read a peer certificate in the TLS client authentication. An attacker can use this flaw to crash the process used to handle TLS client authentication.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-15604" }, { "category": "external", "summary": "RHBZ#1800367", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800367" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-15604", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15604" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15604", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15604" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/" } ], "release_date": "2020-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-24T12:55:00+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0573" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string" }, { "cve": "CVE-2019-15605", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800364" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Node.js code where a specially crafted HTTP(s) request sent to a Node.js server failed to properly process the HTTP(s) headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.js server is deployed behind a proxy server that reuses connections.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: HTTP request smuggling using malformed Transfer-Encoding header", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-15605" }, { "category": "external", "summary": "RHBZ#1800364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800364" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-15605", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15605" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15605", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15605" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/" } ], "release_date": "2020-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-24T12:55:00+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0573" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", "version": "3.1" }, "products": [ "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "nodejs: HTTP request smuggling using malformed Transfer-Encoding header" }, { "cve": "CVE-2019-15606", "cwe": { "id": "CWE-138", "name": "Improper Neutralization of Special Elements" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800366" } ], "notes": [ { "category": "description", "text": "A flaw was found in Node.js where the HTTP(s) header values were not stripped of trailing whitespace. An attacker can use this flaw to send an HTTP(s) request which is validated by an upstream proxy server, but not by the Node.js HTTP(s) server.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: HTTP header values do not have trailing optional whitespace trimmed", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-15606" }, { "category": "external", "summary": "RHBZ#1800366", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800366" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-15606", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15606" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15606", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15606" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/" } ], "release_date": "2020-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-24T12:55:00+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0573" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: HTTP header values do not have trailing optional whitespace trimmed" }, { "cve": "CVE-2019-16775", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-12-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1788305" } ], "notes": [ { "category": "description", "text": "Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user\u0027s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.", "title": "Vulnerability description" }, { "category": "summary", "text": "npm: Symlink reference outside of node_modules folder through the bin field upon installation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16775" }, { "category": "external", "summary": "RHBZ#1788305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788305" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16775", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16775" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16775", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16775" } ], "release_date": "2019-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-24T12:55:00+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0573" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "npm: Symlink reference outside of node_modules folder through the bin field upon installation" }, { "cve": "CVE-2019-16776", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-12-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1788310" } ], "notes": [ { "category": "description", "text": "Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user\u0027s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.", "title": "Vulnerability description" }, { "category": "summary", "text": "npm: Arbitrary file write via constructed entry in the package.json bin field", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16776" }, { "category": "external", "summary": "RHBZ#1788310", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788310" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16776", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16776" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16776", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16776" } ], "release_date": "2019-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-24T12:55:00+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0573" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "npm: Arbitrary file write via constructed entry in the package.json bin field" }, { "cve": "CVE-2019-16777", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-12-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1788301" } ], "notes": [ { "category": "description", "text": "Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.", "title": "Vulnerability description" }, { "category": "summary", "text": "npm: Global node_modules Binary Overwrite", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16777" }, { "category": "external", "summary": "RHBZ#1788301", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788301" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16777", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16777" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16777", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16777" } ], "release_date": "2019-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-24T12:55:00+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0573" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c.x86_64", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.noarch", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a.src", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.ppc64le", "AppStream-8.0.0.Z.E4S:nodejs:10:8000020200214110450:f8e95b4e:npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "npm: Global node_modules Binary Overwrite" } ] }
rhea-2020_0330
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8.", "title": "Topic" }, { "category": "general", "text": "The following packages have been upgraded to a later upstream version: nodejs (12.14.1). (BZ#1791067)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHEA-2020:0330", "url": "https://access.redhat.com/errata/RHEA-2020:0330" }, { "category": "external", "summary": "1791067", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791067" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhea-2020_0330.json" } ], "title": "Red Hat Enhancement Advisory: nodejs:12 enhancement update", "tracking": { "current_release_date": "2024-11-15T04:09:36+00:00", "generator": { "date": "2024-11-15T04:09:36+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHEA-2020:0330", "initial_release_date": "2020-02-04T13:22:41+00:00", "revision_history": [ { "date": "2020-02-04T13:22:41+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-02-04T13:22:41+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T04:09:36+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "nodejs:12:8010020200116150415:c27ad7f8", "product": { "name": "nodejs:12:8010020200116150415:c27ad7f8", "product_id": "nodejs:12:8010020200116150415:c27ad7f8", "product_identification_helper": { "purl": "pkg:rpmmod/redhat/nodejs@12:8010020200116150415:c27ad7f8" } } }, { "category": "product_version", "name": "nodejs-docs-1:12.14.1-1.module+el8.1.0+5466+30f75629.noarch", "product": { "name": "nodejs-docs-1:12.14.1-1.module+el8.1.0+5466+30f75629.noarch", "product_id": "nodejs-docs-1:12.14.1-1.module+el8.1.0+5466+30f75629.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-docs@12.14.1-1.module%2Bel8.1.0%2B5466%2B30f75629?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch", "product": { "name": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch", "product_id": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@1.18.3-1.module%2Bel8.1.0%2B3369%2B37ae6a45?arch=noarch" } } }, { "category": "product_version", "name": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch", "product": { "name": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch", "product_id": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@17-3.module%2Bel8.1.0%2B3369%2B37ae6a45?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "product": { "name": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "product_id": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@12.14.1-1.module%2Bel8.1.0%2B5466%2B30f75629?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "product": { "name": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "product_id": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@12.14.1-1.module%2Bel8.1.0%2B5466%2B30f75629?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "product": { "name": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "product_id": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@12.14.1-1.module%2Bel8.1.0%2B5466%2B30f75629?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "product": { "name": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "product_id": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@12.14.1-1.module%2Bel8.1.0%2B5466%2B30f75629?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.aarch64", "product": { "name": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.aarch64", "product_id": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.13.4-1.12.14.1.1.module%2Bel8.1.0%2B5466%2B30f75629?arch=aarch64\u0026epoch=1" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.src", "product": { "name": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.src", "product_id": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@12.14.1-1.module%2Bel8.1.0%2B5466%2B30f75629?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src", "product": { "name": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src", "product_id": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@1.18.3-1.module%2Bel8.1.0%2B3369%2B37ae6a45?arch=src" } } }, { "category": "product_version", "name": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src", "product": { "name": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src", "product_id": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@17-3.module%2Bel8.1.0%2B3369%2B37ae6a45?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "product": { "name": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "product_id": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@12.14.1-1.module%2Bel8.1.0%2B5466%2B30f75629?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "product": { "name": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "product_id": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@12.14.1-1.module%2Bel8.1.0%2B5466%2B30f75629?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "product": { "name": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "product_id": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@12.14.1-1.module%2Bel8.1.0%2B5466%2B30f75629?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "product": { "name": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "product_id": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@12.14.1-1.module%2Bel8.1.0%2B5466%2B30f75629?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.ppc64le", "product": { "name": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.ppc64le", "product_id": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.13.4-1.12.14.1.1.module%2Bel8.1.0%2B5466%2B30f75629?arch=ppc64le\u0026epoch=1" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "product": { "name": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "product_id": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@12.14.1-1.module%2Bel8.1.0%2B5466%2B30f75629?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "product": { "name": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "product_id": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@12.14.1-1.module%2Bel8.1.0%2B5466%2B30f75629?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "product": { "name": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "product_id": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@12.14.1-1.module%2Bel8.1.0%2B5466%2B30f75629?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "product": { "name": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "product_id": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@12.14.1-1.module%2Bel8.1.0%2B5466%2B30f75629?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.s390x", "product": { "name": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.s390x", "product_id": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.13.4-1.12.14.1.1.module%2Bel8.1.0%2B5466%2B30f75629?arch=s390x\u0026epoch=1" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "product": { "name": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "product_id": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@12.14.1-1.module%2Bel8.1.0%2B5466%2B30f75629?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "product": { "name": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "product_id": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@12.14.1-1.module%2Bel8.1.0%2B5466%2B30f75629?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "product": { "name": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "product_id": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@12.14.1-1.module%2Bel8.1.0%2B5466%2B30f75629?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "product": { "name": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "product_id": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@12.14.1-1.module%2Bel8.1.0%2B5466%2B30f75629?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.x86_64", "product": { "name": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.x86_64", "product_id": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.13.4-1.12.14.1.1.module%2Bel8.1.0%2B5466%2B30f75629?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8" }, "product_reference": "nodejs:12:8010020200116150415:c27ad7f8", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64 as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64" }, "product_reference": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le" }, "product_reference": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x" }, "product_reference": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.src as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.src" }, "product_reference": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.src", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64 as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64" }, "product_reference": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64 as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64" }, "product_reference": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le" }, "product_reference": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x" }, "product_reference": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64 as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64" }, "product_reference": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64 as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64" }, "product_reference": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le" }, "product_reference": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x" }, "product_reference": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64 as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64" }, "product_reference": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64 as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64" }, "product_reference": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le" }, "product_reference": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x" }, "product_reference": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64 as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64" }, "product_reference": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-docs-1:12.14.1-1.module+el8.1.0+5466+30f75629.noarch as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-docs-1:12.14.1-1.module+el8.1.0+5466+30f75629.noarch" }, "product_reference": "nodejs-docs-1:12.14.1-1.module+el8.1.0+5466+30f75629.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch" }, "product_reference": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src" }, "product_reference": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch" }, "product_reference": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src" }, "product_reference": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.aarch64 as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.aarch64" }, "product_reference": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.aarch64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.ppc64le as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.ppc64le" }, "product_reference": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.ppc64le", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.s390x as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.s390x" }, "product_reference": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.s390x", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.x86_64 as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.x86_64" }, "product_reference": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.x86_64", "relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-16775", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-12-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1788305" } ], "notes": [ { "category": "description", "text": "Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user\u0027s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.", "title": "Vulnerability description" }, { "category": "summary", "text": "npm: Symlink reference outside of node_modules folder through the bin field upon installation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-docs-1:12.14.1-1.module+el8.1.0+5466+30f75629.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16775" }, { "category": "external", "summary": "RHBZ#1788305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788305" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16775", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16775" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16775", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16775" } ], "release_date": "2019-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-04T13:22:41+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-docs-1:12.14.1-1.module+el8.1.0+5466+30f75629.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHEA-2020:0330" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-docs-1:12.14.1-1.module+el8.1.0+5466+30f75629.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "npm: Symlink reference outside of node_modules folder through the bin field upon installation" }, { "cve": "CVE-2019-16776", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-12-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1788310" } ], "notes": [ { "category": "description", "text": "Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user\u0027s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.", "title": "Vulnerability description" }, { "category": "summary", "text": "npm: Arbitrary file write via constructed entry in the package.json bin field", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-docs-1:12.14.1-1.module+el8.1.0+5466+30f75629.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16776" }, { "category": "external", "summary": "RHBZ#1788310", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788310" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16776", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16776" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16776", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16776" } ], "release_date": "2019-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-04T13:22:41+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-docs-1:12.14.1-1.module+el8.1.0+5466+30f75629.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHEA-2020:0330" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-docs-1:12.14.1-1.module+el8.1.0+5466+30f75629.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "npm: Arbitrary file write via constructed entry in the package.json bin field" }, { "cve": "CVE-2019-16777", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-12-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1788301" } ], "notes": [ { "category": "description", "text": "Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.", "title": "Vulnerability description" }, { "category": "summary", "text": "npm: Global node_modules Binary Overwrite", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-docs-1:12.14.1-1.module+el8.1.0+5466+30f75629.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16777" }, { "category": "external", "summary": "RHBZ#1788301", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788301" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16777", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16777" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16777", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16777" } ], "release_date": "2019-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-04T13:22:41+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-docs-1:12.14.1-1.module+el8.1.0+5466+30f75629.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHEA-2020:0330" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-docs-1:12.14.1-1.module+el8.1.0+5466+30f75629.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.aarch64", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.ppc64le", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.s390x", "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "npm: Global node_modules Binary Overwrite" } ] }
rhsa-2020_0602
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for rh-nodejs12-nodejs is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.\n\nThe following packages have been upgraded to a later upstream version: rh-nodejs12-nodejs (12.16.1).\n\nSecurity Fix(es):\n\n* nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605)\n\n* nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string (CVE-2019-15604)\n\n* nodejs: HTTP header values do not have trailing optional whitespace trimmed (CVE-2019-15606)\n\n* npm: Symlink reference outside of node_modules folder through the bin field upon installation (CVE-2019-16775)\n\n* npm: Arbitrary file write via constructed entry in the package.json bin field (CVE-2019-16776)\n\n* npm: Global node_modules Binary Overwrite (CVE-2019-16777)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:0602", "url": "https://access.redhat.com/errata/RHSA-2020:0602" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1788301", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788301" }, { "category": "external", "summary": "1788305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788305" }, { "category": "external", "summary": "1788310", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788310" }, { "category": "external", "summary": "1800364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800364" }, { "category": "external", "summary": "1800366", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800366" }, { "category": "external", "summary": "1800367", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800367" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0602.json" } ], "title": "Red Hat Security Advisory: rh-nodejs12-nodejs security update", "tracking": { "current_release_date": "2024-11-15T04:15:53+00:00", "generator": { "date": "2024-11-15T04:15:53+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2020:0602", "initial_release_date": "2020-02-25T15:56:27+00:00", "revision_history": [ { "date": "2020-02-25T15:56:27+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-02-25T15:56:27+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T04:15:53+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } } ], "category": "product_family", "name": "Red Hat Software Collections" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "product": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "product_id": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs@12.16.1-1.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "product": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "product_id": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs-devel@12.16.1-1.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "product": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "product_id": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-npm@6.13.4-12.16.1.1.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "product": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "product_id": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs-debuginfo@12.16.1-1.el7?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "product": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "product_id": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs@12.16.1-1.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "product": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "product_id": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs-devel@12.16.1-1.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "product": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "product_id": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-npm@6.13.4-12.16.1.1.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "product": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "product_id": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs-debuginfo@12.16.1-1.el7?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "product": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "product_id": "rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs@12.16.1-1.el7?arch=aarch64" } } }, { "category": "product_version", "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "product": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "product_id": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs-devel@12.16.1-1.el7?arch=aarch64" } } }, { "category": "product_version", "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "product": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "product_id": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-npm@6.13.4-12.16.1.1.el7?arch=aarch64" } } }, { "category": "product_version", "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "product": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "product_id": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs-debuginfo@12.16.1-1.el7?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "product": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "product_id": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs@12.16.1-1.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "product": { "name": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "product_id": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs-docs@12.16.1-1.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "product": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "product_id": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs@12.16.1-1.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "product": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "product_id": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs-devel@12.16.1-1.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "product": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "product_id": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-npm@6.13.4-12.16.1.1.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "product": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "product_id": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs-debuginfo@12.16.1-1.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch" }, "product_reference": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch" }, "product_reference": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch" }, "product_reference": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch" }, "product_reference": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch" }, "product_reference": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch" }, "product_reference": "rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" }, "product_reference": "rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-15604", "cwe": { "id": "CWE-172", "name": "Encoding Error" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800367" } ], "notes": [ { "category": "description", "text": "An encoding error flaw exists in the Node.js code that is used to read a peer certificate in the TLS client authentication. An attacker can use this flaw to crash the process used to handle TLS client authentication.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-15604" }, { "category": "external", "summary": "RHBZ#1800367", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800367" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-15604", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15604" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15604", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15604" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/" } ], "release_date": "2020-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T15:56:27+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0602" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string" }, { "cve": "CVE-2019-15605", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800364" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Node.js code where a specially crafted HTTP(s) request sent to a Node.js server failed to properly process the HTTP(s) headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.js server is deployed behind a proxy server that reuses connections.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: HTTP request smuggling using malformed Transfer-Encoding header", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-15605" }, { "category": "external", "summary": "RHBZ#1800364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800364" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-15605", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15605" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15605", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15605" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/" } ], "release_date": "2020-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T15:56:27+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0602" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", "version": "3.1" }, "products": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "nodejs: HTTP request smuggling using malformed Transfer-Encoding header" }, { "cve": "CVE-2019-15606", "cwe": { "id": "CWE-138", "name": "Improper Neutralization of Special Elements" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800366" } ], "notes": [ { "category": "description", "text": "A flaw was found in Node.js where the HTTP(s) header values were not stripped of trailing whitespace. An attacker can use this flaw to send an HTTP(s) request which is validated by an upstream proxy server, but not by the Node.js HTTP(s) server.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: HTTP header values do not have trailing optional whitespace trimmed", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-15606" }, { "category": "external", "summary": "RHBZ#1800366", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800366" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-15606", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15606" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15606", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15606" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/" } ], "release_date": "2020-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T15:56:27+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0602" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: HTTP header values do not have trailing optional whitespace trimmed" }, { "cve": "CVE-2019-16775", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-12-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1788305" } ], "notes": [ { "category": "description", "text": "Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user\u0027s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.", "title": "Vulnerability description" }, { "category": "summary", "text": "npm: Symlink reference outside of node_modules folder through the bin field upon installation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16775" }, { "category": "external", "summary": "RHBZ#1788305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788305" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16775", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16775" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16775", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16775" } ], "release_date": "2019-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T15:56:27+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0602" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "npm: Symlink reference outside of node_modules folder through the bin field upon installation" }, { "cve": "CVE-2019-16776", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-12-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1788310" } ], "notes": [ { "category": "description", "text": "Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user\u0027s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.", "title": "Vulnerability description" }, { "category": "summary", "text": "npm: Arbitrary file write via constructed entry in the package.json bin field", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16776" }, { "category": "external", "summary": "RHBZ#1788310", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788310" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16776", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16776" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16776", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16776" } ], "release_date": "2019-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T15:56:27+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0602" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "npm: Arbitrary file write via constructed entry in the package.json bin field" }, { "cve": "CVE-2019-16777", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-12-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1788301" } ], "notes": [ { "category": "description", "text": "Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.", "title": "Vulnerability description" }, { "category": "summary", "text": "npm: Global node_modules Binary Overwrite", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16777" }, { "category": "external", "summary": "RHBZ#1788301", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788301" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16777", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16777" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16777", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16777" } ], "release_date": "2019-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-25T15:56:27+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0602" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-Alt-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.5.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.6.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4-7.7.Z:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Server-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Server-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.src", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-devel-0:12.16.1-1.el7.x86_64", "7Workstation-RHSCL-3.4:rh-nodejs12-nodejs-docs-0:12.16.1-1.el7.noarch", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.aarch64", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.ppc64le", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.s390x", "7Workstation-RHSCL-3.4:rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "npm: Global node_modules Binary Overwrite" } ] }
ghsa-4328-8hgf-7wjr
Vulnerability from github
Versions of the npm CLI prior to 6.13.4 are vulnerable to a Global node_modules Binary Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations.
For example, if a package was installed globally and created a serve
binary, any subsequent installs of packages that also create a serve
binary would overwrite the first binary. This will not overwrite system binaries but only binaries put into the global node_modules directory.
This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.
Recommendation
Upgrade to version 6.13.4 or later.
{ "affected": [ { "package": { "ecosystem": "npm", "name": "npm" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "6.13.4" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2019-16777" ], "database_specific": { "cwe_ids": [ "CWE-22", "CWE-269" ], "github_reviewed": true, "github_reviewed_at": "2020-06-16T20:57:02Z", "nvd_published_at": "2019-12-13T01:15:00Z", "severity": "HIGH" }, "details": "Versions of the npm CLI prior to 6.13.4 are vulnerable to a Global node_modules Binary Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. \n\nFor example, if a package was installed globally and created a `serve` binary, any subsequent installs of packages that also create a `serve` binary would overwrite the first binary. This will not overwrite system binaries but only binaries put into the global node_modules directory.\n\nThis behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.\n\n\n## Recommendation\n\nUpgrade to version 6.13.4 or later.", "id": "GHSA-4328-8hgf-7wjr", "modified": "2022-08-11T00:00:45Z", "published": "2019-12-13T15:39:32Z", "references": [ { "type": "WEB", "url": "https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16777" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHEA-2020:0330" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2020:0573" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2020:0579" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2020:0597" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2020:0602" }, { "type": "WEB", "url": "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-4328-8hgf-7wjr" }, { "type": "PACKAGE", "url": "https://github.com/npm/cli" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/202003-48" }, { "type": "WEB", "url": "https://www.npmjs.com/advisories/1437" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", "type": "CVSS_V3" } ], "summary": "npm Vulnerable to Global node_modules Binary Overwrite" }
gsd-2019-16777
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2019-16777", "description": "Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.", "id": "GSD-2019-16777", "references": [ "https://www.suse.com/security/cve/CVE-2019-16777.html", "https://access.redhat.com/errata/RHSA-2020:2625", "https://access.redhat.com/errata/RHSA-2020:0602", "https://access.redhat.com/errata/RHSA-2020:0597", "https://access.redhat.com/errata/RHSA-2020:0579", "https://access.redhat.com/errata/RHSA-2020:0573", "https://access.redhat.com/errata/RHEA-2020:0330", "https://advisories.mageia.org/CVE-2019-16777.html", "https://security.archlinux.org/CVE-2019-16777", "https://linux.oracle.com/cve/CVE-2019-16777.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2019-16777" ], "details": "Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.", "id": "GSD-2019-16777", "modified": "2023-12-13T01:23:40.698169Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2019-16777", "STATE": "PUBLIC", "TITLE": "Arbitrary File Overwrite in npm CLI" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "cli", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "\u003c 6.13.4", "version_value": "6.13.4" } ] } } ] }, "vendor_name": "npm" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli", "refsource": "MISC", "url": "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli" }, { "name": "https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr", "refsource": "CONFIRM", "url": "https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr" }, { "name": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "name": "openSUSE-SU-2020:0059", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html" }, { "name": "FEDORA-2020-595ce5e3cc", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/" }, { "name": "RHEA-2020:0330", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHEA-2020:0330" }, { "name": "RHSA-2020:0573", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0573" }, { "name": "RHSA-2020:0579", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0579" }, { "name": "RHSA-2020:0597", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0597" }, { "name": "RHSA-2020:0602", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0602" }, { "name": "GLSA-202003-48", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-48" } ] }, "source": { "advisory": "GHSA-4328-8hgf-7wjr", "discovery": "UNKNOWN" } }, "gitlab.com": { "advisories": [ { "affected_range": "\u003c6.13.4", "affected_versions": "All versions before 6.13.4", "cvss_v2": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "cwe_ids": [ "CWE-1035", "CWE-22", "CWE-937" ], "date": "2020-10-10", "description": "npm is vulnerable to an Arbitrary File Write.", "fixed_versions": [ "6.13.4" ], "identifier": "CVE-2019-16777", "identifiers": [ "CVE-2019-16777", "GHSA-4328-8hgf-7wjr" ], "not_impacted": "All versions starting from 6.13.4", "package_slug": "npm/npm", "pubdate": "2019-12-12", "solution": "Upgrade to version 6.13.4 or above.", "title": "Path Traversal", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2019-16777" ], "uuid": "ddb1d8a2-73df-4e15-8c03-78e5772b3514" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:npmjs:npm:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.13.4", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:graalvm:19.3.0.2:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2019-16777" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-269" } ] } ] }, "references": { "reference_data": [ { "name": "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli", "refsource": "MISC", "tags": [ "Third Party Advisory" ], "url": "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli" }, { "name": "https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr" }, { "name": "openSUSE-SU-2020:0059", "refsource": "SUSE", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html" }, { "name": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "name": "FEDORA-2020-595ce5e3cc", "refsource": "FEDORA", "tags": [ "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/" }, { "name": "RHEA-2020:0330", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHEA-2020:0330" }, { "name": "RHSA-2020:0573", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2020:0573" }, { "name": "RHSA-2020:0579", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2020:0579" }, { "name": "RHSA-2020:0597", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2020:0597" }, { "name": "RHSA-2020:0602", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2020:0602" }, { "name": "GLSA-202003-48", "refsource": "GENTOO", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202003-48" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6 } }, "lastModifiedDate": "2022-08-02T20:45Z", "publishedDate": "2019-12-13T01:15Z" } } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.