[ALSA-2021:0549] nodejs:12 security update

Severity Moderate

Affected Packages 4

CVEs 7

An update for the nodejs:12 module is now available for AlmaLinux AlmaLinux Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

The following packages have been upgraded to a later upstream version: nodejs (12.20.1), nodejs-nodemon (2.0.3).

Security Fix(es):

nodejs-mixin-deep: prototype pollution in function mixin-deep (CVE-2019-10746)
nodejs-set-value: prototype pollution in function set-value (CVE-2019-10747)
nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS (CVE-2020-7754)
nodejs-ini: prototype pollution via malicious INI file (CVE-2020-7788)
nodejs: use-after-free in the TLS implementation (CVE-2020-8265)
nodejs: HTTP request smuggling via two copies of a header field in an http request (CVE-2020-8287)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Package	Affected Version
pkg:rpm/almalinux/nodejs-packaging?arch=noarch&distro=almalinux-8.4	< 17-3.module_el8.4.0+2224+b07ac28e
pkg:rpm/almalinux/nodejs-packaging?arch=noarch&distro=almalinux-8.3	< 17-3.module_el8.3.0+2023+d2377ea3
pkg:rpm/almalinux/nodejs-nodemon?arch=noarch&distro=almalinux-8.4	< 2.0.3-1.module_el8.4.0+2521+c668cc9f
pkg:rpm/almalinux/nodejs-nodemon?arch=noarch&distro=almalinux-8.3	< 2.0.3-1.module_el8.3.0+2048+34fb5a07

ID

ALSA-2021:0549

Severity

moderate

URL

https://errata.almalinux.org/ALSA-2021:0549.html

Published

2021-02-16T07:34:29
(3 years ago)

Modified

2021-02-16T13:03:05
(3 years ago)

Rights

Other Advisories

Source	# ID	URL
Self	ALSA-2021-0549	https://errata.almalinux.org/8/ALSA-2021-0549.html
CVE	CVE-2018-3750	https://vulners.com/cve/CVE-2018-3750
CVE	CVE-2019-10746	https://vulners.com/cve/CVE-2019-10746
CVE	CVE-2019-10747	https://vulners.com/cve/CVE-2019-10747
CVE	CVE-2020-7754	https://vulners.com/cve/CVE-2020-7754
CVE	CVE-2020-7788	https://vulners.com/cve/CVE-2020-7788
CVE	CVE-2020-8265	https://vulners.com/cve/CVE-2020-8265
CVE	CVE-2020-8287	https://vulners.com/cve/CVE-2020-8287

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/almalinux/nodejs-packaging?arch=noarch&distro=almalinux-8.4	almalinux	nodejs-packaging	< 17-3.module_el8.4.0+2224+b07ac28e	almalinux-8.4	noarch
Affected	pkg:rpm/almalinux/nodejs-packaging?arch=noarch&distro=almalinux-8.3	almalinux	nodejs-packaging	< 17-3.module_el8.3.0+2023+d2377ea3	almalinux-8.3	noarch
Affected	pkg:rpm/almalinux/nodejs-nodemon?arch=noarch&distro=almalinux-8.4	almalinux	nodejs-nodemon	< 2.0.3-1.module_el8.4.0+2521+c668cc9f	almalinux-8.4	noarch
Affected	pkg:rpm/almalinux/nodejs-nodemon?arch=noarch&distro=almalinux-8.3	almalinux	nodejs-nodemon	< 2.0.3-1.module_el8.3.0+2048+34fb5a07	almalinux-8.3	noarch

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date