RHEA-2020_0330
Vulnerability from csaf_redhat - Published: 2020-02-04 13:22 - Updated: 2024-11-15 04:09Summary
Red Hat Enhancement Advisory: nodejs:12 enhancement update
Severity
Low
Notes
Topic: An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8.
Details: The following packages have been upgraded to a later upstream version: nodejs (12.14.1). (BZ#1791067)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.
4.8 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHEA-2020:0330
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.
4.8 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHEA-2020:0330
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.
4.8 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHEA-2020:0330
References
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8.",
"title": "Topic"
},
{
"category": "general",
"text": "The following packages have been upgraded to a later upstream version: nodejs (12.14.1). (BZ#1791067)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHEA-2020:0330",
"url": "https://access.redhat.com/errata/RHEA-2020:0330"
},
{
"category": "external",
"summary": "1791067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791067"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhea-2020_0330.json"
}
],
"title": "Red Hat Enhancement Advisory: nodejs:12 enhancement update",
"tracking": {
"current_release_date": "2024-11-15T04:09:36+00:00",
"generator": {
"date": "2024-11-15T04:09:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHEA-2020:0330",
"initial_release_date": "2020-02-04T13:22:41+00:00",
"revision_history": [
{
"date": "2020-02-04T13:22:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-02-04T13:22:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T04:09:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs:12:8010020200116150415:c27ad7f8",
"product": {
"name": "nodejs:12:8010020200116150415:c27ad7f8",
"product_id": "nodejs:12:8010020200116150415:c27ad7f8",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/nodejs@12:8010020200116150415:c27ad7f8"
}
}
},
{
"category": "product_version",
"name": "nodejs-docs-1:12.14.1-1.module+el8.1.0+5466+30f75629.noarch",
"product": {
"name": "nodejs-docs-1:12.14.1-1.module+el8.1.0+5466+30f75629.noarch",
"product_id": "nodejs-docs-1:12.14.1-1.module+el8.1.0+5466+30f75629.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@12.14.1-1.module%2Bel8.1.0%2B5466%2B30f75629?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch",
"product": {
"name": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch",
"product_id": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@1.18.3-1.module%2Bel8.1.0%2B3369%2B37ae6a45?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch",
"product": {
"name": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch",
"product_id": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@17-3.module%2Bel8.1.0%2B3369%2B37ae6a45?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"product": {
"name": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"product_id": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@12.14.1-1.module%2Bel8.1.0%2B5466%2B30f75629?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"product": {
"name": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"product_id": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@12.14.1-1.module%2Bel8.1.0%2B5466%2B30f75629?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"product": {
"name": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"product_id": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@12.14.1-1.module%2Bel8.1.0%2B5466%2B30f75629?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"product": {
"name": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"product_id": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@12.14.1-1.module%2Bel8.1.0%2B5466%2B30f75629?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.aarch64",
"product": {
"name": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.aarch64",
"product_id": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@6.13.4-1.12.14.1.1.module%2Bel8.1.0%2B5466%2B30f75629?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.src",
"product": {
"name": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.src",
"product_id": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@12.14.1-1.module%2Bel8.1.0%2B5466%2B30f75629?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src",
"product": {
"name": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src",
"product_id": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@1.18.3-1.module%2Bel8.1.0%2B3369%2B37ae6a45?arch=src"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src",
"product": {
"name": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src",
"product_id": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@17-3.module%2Bel8.1.0%2B3369%2B37ae6a45?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"product": {
"name": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"product_id": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@12.14.1-1.module%2Bel8.1.0%2B5466%2B30f75629?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"product": {
"name": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"product_id": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@12.14.1-1.module%2Bel8.1.0%2B5466%2B30f75629?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"product": {
"name": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"product_id": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@12.14.1-1.module%2Bel8.1.0%2B5466%2B30f75629?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"product": {
"name": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"product_id": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@12.14.1-1.module%2Bel8.1.0%2B5466%2B30f75629?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.ppc64le",
"product": {
"name": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.ppc64le",
"product_id": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@6.13.4-1.12.14.1.1.module%2Bel8.1.0%2B5466%2B30f75629?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"product": {
"name": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"product_id": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@12.14.1-1.module%2Bel8.1.0%2B5466%2B30f75629?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"product": {
"name": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"product_id": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@12.14.1-1.module%2Bel8.1.0%2B5466%2B30f75629?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"product": {
"name": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"product_id": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@12.14.1-1.module%2Bel8.1.0%2B5466%2B30f75629?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"product": {
"name": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"product_id": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@12.14.1-1.module%2Bel8.1.0%2B5466%2B30f75629?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.s390x",
"product": {
"name": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.s390x",
"product_id": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@6.13.4-1.12.14.1.1.module%2Bel8.1.0%2B5466%2B30f75629?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"product": {
"name": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"product_id": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@12.14.1-1.module%2Bel8.1.0%2B5466%2B30f75629?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"product": {
"name": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"product_id": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@12.14.1-1.module%2Bel8.1.0%2B5466%2B30f75629?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"product": {
"name": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"product_id": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@12.14.1-1.module%2Bel8.1.0%2B5466%2B30f75629?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"product": {
"name": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"product_id": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@12.14.1-1.module%2Bel8.1.0%2B5466%2B30f75629?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.x86_64",
"product": {
"name": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.x86_64",
"product_id": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@6.13.4-1.12.14.1.1.module%2Bel8.1.0%2B5466%2B30f75629?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8"
},
"product_reference": "nodejs:12:8010020200116150415:c27ad7f8",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64 as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64"
},
"product_reference": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le"
},
"product_reference": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x"
},
"product_reference": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.src as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.src"
},
"product_reference": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.src",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64 as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64"
},
"product_reference": "nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64 as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64"
},
"product_reference": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le"
},
"product_reference": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x"
},
"product_reference": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64 as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64"
},
"product_reference": "nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64 as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64"
},
"product_reference": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le"
},
"product_reference": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x"
},
"product_reference": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64 as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64"
},
"product_reference": "nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64 as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64"
},
"product_reference": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le"
},
"product_reference": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x"
},
"product_reference": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64 as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64"
},
"product_reference": "nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:12.14.1-1.module+el8.1.0+5466+30f75629.noarch as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-docs-1:12.14.1-1.module+el8.1.0+5466+30f75629.noarch"
},
"product_reference": "nodejs-docs-1:12.14.1-1.module+el8.1.0+5466+30f75629.noarch",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch"
},
"product_reference": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src"
},
"product_reference": "nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch"
},
"product_reference": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src"
},
"product_reference": "nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.aarch64 as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.aarch64"
},
"product_reference": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.aarch64",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.ppc64le as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.ppc64le"
},
"product_reference": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.s390x as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.s390x"
},
"product_reference": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.s390x",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.x86_64 as a component of nodejs:12:8010020200116150415:c27ad7f8 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.x86_64"
},
"product_reference": "npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-16775",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-12-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1788305"
}
],
"notes": [
{
"category": "description",
"text": "Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user\u0027s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "npm: Symlink reference outside of node_modules folder through the bin field upon installation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.src",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-docs-1:12.14.1-1.module+el8.1.0+5466+30f75629.noarch",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16775"
},
{
"category": "external",
"summary": "RHBZ#1788305",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788305"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16775",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16775"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16775",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16775"
}
],
"release_date": "2019-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-04T13:22:41+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.src",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-docs-1:12.14.1-1.module+el8.1.0+5466+30f75629.noarch",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2020:0330"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.src",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-docs-1:12.14.1-1.module+el8.1.0+5466+30f75629.noarch",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "npm: Symlink reference outside of node_modules folder through the bin field upon installation"
},
{
"cve": "CVE-2019-16776",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-12-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1788310"
}
],
"notes": [
{
"category": "description",
"text": "Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user\u0027s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "npm: Arbitrary file write via constructed entry in the package.json bin field",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.src",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-docs-1:12.14.1-1.module+el8.1.0+5466+30f75629.noarch",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16776"
},
{
"category": "external",
"summary": "RHBZ#1788310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16776",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16776"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16776",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16776"
}
],
"release_date": "2019-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-04T13:22:41+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.src",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-docs-1:12.14.1-1.module+el8.1.0+5466+30f75629.noarch",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2020:0330"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.src",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-docs-1:12.14.1-1.module+el8.1.0+5466+30f75629.noarch",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "npm: Arbitrary file write via constructed entry in the package.json bin field"
},
{
"cve": "CVE-2019-16777",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-12-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1788301"
}
],
"notes": [
{
"category": "description",
"text": "Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "npm: Global node_modules Binary Overwrite",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.src",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-docs-1:12.14.1-1.module+el8.1.0+5466+30f75629.noarch",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16777"
},
{
"category": "external",
"summary": "RHBZ#1788301",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788301"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16777",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16777"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16777",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16777"
}
],
"release_date": "2019-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-04T13:22:41+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.src",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-docs-1:12.14.1-1.module+el8.1.0+5466+30f75629.noarch",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2020:0330"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.src",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-docs-1:12.14.1-1.module+el8.1.0+5466+30f75629.noarch",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45.src",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.noarch",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45.src",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:nodejs:12:8010020200116150415:c27ad7f8:npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "npm: Global node_modules Binary Overwrite"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…