1. Home
  2. Security Advisories
  3. Gentoo
  4. GLSA-202003-48

[GLSA-202003-48] Node.js: Multiple vulnerabilities

Severity Normal
Affected Packages 1
Unaffected Packages 2
CVEs 15
Info Packages References Vulnerabilities

Multiple vulnerabilities have been found in Node.js, worst of which could allow remote attackers to write arbitrary files.

Background
Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript
engine.

Description
Multiple vulnerabilities have been discovered in Node.js. Please review
the CVE identifiers referenced below for details.

Impact
A remote attacker could possibly write arbitrary files, cause a Denial
of Service condition or can conduct HTTP request splitting attacks.

Workaround
There is no known workaround at this time.

Resolution
All Node.js <12.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose &quot;>=net-libs/nodejs-10.19.0&quot;

All Node.js 12.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose &quot;>=net-libs/nodejs-12.15.0&quot;

Package Affected Version
pkg:ebuild/net-libs/nodejs?distro=gentoo < 12.15.0
Package Unaffected Version
pkg:ebuild/net-libs/nodejs?distro=gentoo >= 10.19.0
pkg:ebuild/net-libs/nodejs?distro=gentoo >= 12.15.0
ID
GLSA-202003-48
Severity
normal
URL
https://security.gentoo.org/glsa/202003-48
Published
2020-03-20T00:00:00
(4 years ago)
Modified
2020-03-20T00:00:00
(4 years ago)
Rights
Gentoo Foundation, Inc.
Other Advisories
Source # ID Name URL
CVE CVE-2018-12115 CVE-2018-12115 https://nvd.nist.gov/vuln/detail/CVE-2018-12115
CVE CVE-2018-12116 CVE-2018-12116 https://nvd.nist.gov/vuln/detail/CVE-2018-12116
CVE CVE-2018-12121 CVE-2018-12121 https://nvd.nist.gov/vuln/detail/CVE-2018-12121
CVE CVE-2018-12122 CVE-2018-12122 https://nvd.nist.gov/vuln/detail/CVE-2018-12122
CVE CVE-2018-12123 CVE-2018-12123 https://nvd.nist.gov/vuln/detail/CVE-2018-12123
CVE CVE-2018-7161 CVE-2018-7161 https://nvd.nist.gov/vuln/detail/CVE-2018-7161
CVE CVE-2018-7162 CVE-2018-7162 https://nvd.nist.gov/vuln/detail/CVE-2018-7162
CVE CVE-2018-7164 CVE-2018-7164 https://nvd.nist.gov/vuln/detail/CVE-2018-7164
CVE CVE-2018-7167 CVE-2018-7167 https://nvd.nist.gov/vuln/detail/CVE-2018-7167
CVE CVE-2019-15604 CVE-2019-15604 https://nvd.nist.gov/vuln/detail/CVE-2019-15604
CVE CVE-2019-15605 CVE-2019-15605 https://nvd.nist.gov/vuln/detail/CVE-2019-15605
CVE CVE-2019-15606 CVE-2019-15606 https://nvd.nist.gov/vuln/detail/CVE-2019-15606
CVE CVE-2019-16777 CVE-2019-16777 https://nvd.nist.gov/vuln/detail/CVE-2019-16777
CVE CVE-2019-5737 CVE-2019-5737 https://nvd.nist.gov/vuln/detail/CVE-2019-5737
CVE CVE-2019-5739 CVE-2019-5739 https://nvd.nist.gov/vuln/detail/CVE-2019-5739
Bugzilla 658074 Bugzilla #658074 https://bugs.gentoo.org/show_bug.cgi?id=658074
Bugzilla 665656 Bugzilla #665656 https://bugs.gentoo.org/show_bug.cgi?id=665656
Bugzilla 672136 Bugzilla #672136 https://bugs.gentoo.org/show_bug.cgi?id=672136
Bugzilla 679132 Bugzilla #679132 https://bugs.gentoo.org/show_bug.cgi?id=679132
Bugzilla 702988 Bugzilla #702988 https://bugs.gentoo.org/show_bug.cgi?id=702988
Bugzilla 708458 Bugzilla #708458 https://bugs.gentoo.org/show_bug.cgi?id=708458
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:ebuild/net-libs/nodejs?distro=gentoo net-libs nodejs < 12.15.0 gentoo
Unaffected pkg:ebuild/net-libs/nodejs?distro=gentoo net-libs nodejs >= 10.19.0 gentoo
Unaffected pkg:ebuild/net-libs/nodejs?distro=gentoo net-libs nodejs >= 12.15.0 gentoo
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date