[GLSA-202003-48] Node.js: Multiple vulnerabilities
Multiple vulnerabilities have been found in Node.js, the worst of which could allow remote attackers to write arbitrary files.
Background
Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript
engine.
Description
Multiple vulnerabilities have been discovered in Node.js. Please review
the CVE identifiers referenced below for details.
Impact
A remote attacker could possibly write arbitrary files, cause a Denial
of Service condition or conduct HTTP request splitting attacks.
Workaround
There is no known workaround at this time.
Resolution
All Node.js <12.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/nodejs-10.19.0"
All Node.js 12.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/nodejs-12.15.0"
Package | Affected Version |
---|---|
pkg:ebuild/net-libs/nodejs?distro=gentoo | < 12.15.0 |
Package | Unaffected Version |
---|---|
pkg:ebuild/net-libs/nodejs?distro=gentoo | >= 10.19.0 |
pkg:ebuild/net-libs/nodejs?distro=gentoo | >= 12.15.0 |
- ID: GLSA-202003-48
- Severity: normal
- URL: https://security.gentoo.org/glsa/202003-48
- Published: 2020-03-20T00:00:00
- Modified: 2020-03-20T00:00:00
- Rights: Gentoo Foundation, Inc.
- Other Advisories:
- ALAS-2020-1359
- ALAS2-2019-1322
- ALAS2-2020-1417
- ALEA-2020:0330
- ALPINE:CVE-2018-12115
- ALPINE:CVE-2018-12116
- ALPINE:CVE-2018-12121
- ALPINE:CVE-2018-12122
- ALPINE:CVE-2018-12123
- ALPINE:CVE-2018-7161
- ALPINE:CVE-2018-7167
- ALPINE:CVE-2019-15604
- ALPINE:CVE-2019-15605
- ALPINE:CVE-2019-15606
- ALPINE:CVE-2019-5737
- ALSA-2019:2925
- ALSA-2020:0579
- ALSA-2020:0598
- DSA-4669-1
- ELSA-2019-2258
- ELSA-2019-3497
- ELSA-2020-0579
- ELSA-2020-0598
- ELSA-2020-0703
- ELSA-2020-0708
- FEDORA-2018-79841c871e
- FEDORA-2018-f59d961d7b
- FEDORA-2020-3838c8ea98
- FEDORA-2020-47efc31973
- FEDORA-2020-595ce5e3cc
- FREEBSD:0032400F-624F-11EA-B495-000D3AB229D6
- FREEBSD:0904E81F-A89D-11E8-AFBB-BC5FF4F77B71
- FREEBSD:2A3588B4-AB12-11EA-A051-001B217B3468
- FREEBSD:2A86F45A-FC3C-11E8-A414-00155D006B02
- FREEBSD:45B8E2EB-7056-11E8-8FAB-63CA6E0E13A2
- FREEBSD:B71D7193-3C54-11E9-A3F9-00155D006B02
- MS:CVE-2018-12116
- MS:CVE-2018-12121
- MS:CVE-2018-12122
- MS:CVE-2018-12123
- MS:CVE-2018-7161
- MS:CVE-2018-7162
- MS:CVE-2018-7164
- MS:CVE-2018-7167
- MS:CVE-2019-5737
- NPM:GHSA-4328-8HGF-7WJR
- openSUSE-SU-2019:0089-1
- openSUSE-SU-2020:0059-1
- openSUSE-SU-2020:0293-1
- RHEA-2020:0330
- RHSA-2019:2258
- RHSA-2019:2925
- RHSA-2019:3497
- RHSA-2020:0579
- RHSA-2020:0598
- RHSA-2020:0703
- RHSA-2020:0708
- RLEA-2020:0330
- RLSA-2019:2925
- RLSA-2020:0579
- RLSA-2020:0598
- SUSE-SU-2018:1892-1
- SUSE-SU-2018:1918-1
- SUSE-SU-2018:2647-1
- SUSE-SU-2018:2796-1
- SUSE-SU-2018:2812-1
- SUSE-SU-2019:0117-1
- SUSE-SU-2019:0118-1
- SUSE-SU-2019:0395-1
- SUSE-SU-2019:0627-1
- SUSE-SU-2019:0635-1
- SUSE-SU-2019:0636-1
- SUSE-SU-2019:0658-1
- SUSE-SU-2019:0818-1
- SUSE-SU-2020:0043-1
- SUSE-SU-2020:0063-1
- SUSE-SU-2020:0104-1
- SUSE-SU-2020:0247-1
- SUSE-SU-2020:0427-1
- SUSE-SU-2020:0429-1
- SUSE-SU-2020:0454-1
- SUSE-SU-2020:0455-1
- SUSE-SU-2020:0488-1
- USN-4796-1
- USN-6380-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:ebuild/net-libs/nodejs?distro=gentoo | net-libs | nodejs | < 12.15.0 | gentoo | | |
Unaffected | pkg:ebuild/net-libs/nodejs?distro=gentoo | net-libs | nodejs | >= 10.19.0 | gentoo | | |
Unaffected | pkg:ebuild/net-libs/nodejs?distro=gentoo | net-libs | nodejs | >= 12.15.0 | gentoo | | |