QID 239970
Date Published: 2021-12-21
QID 239970: Red Hat Update for nodejs:16 security (RHSA-2021:5171)
node.js is a software development platform for building fast and scalable network applications in the javascript programming language.
- nodejs-json-schema: prototype pollution vulnerability (cve-2021-3918)
- nodejs-ini: prototype pollution via malicious ini file (cve-2020-7788)
- nodejs-glob-parent: regular expression denial of service (cve-2020-28469)
- nodejs-ansi-regex: regular expression denial of service (redos) matching ansi escape codes (cve-2021-3807)
- normalize-url: redos for data urls (cve-2021-33502)
- llhttp: http request smuggling due to spaces in headers (cve-2021-22959)
- llhttp: http request smuggling when parsing the body of chunked requests (cve-2021-22960)
Affected Products:
- Red Hat enterprise linux for x86_64 8 x86_64
- Red Hat enterprise linux for ibm z systems 8 s390x
- Red Hat enterprise linux for power, little endian 8 ppc64le
- Red Hat enterprise linux for arm 64 8 aarch64
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2021:5171 for updates and patch information.
Vendor References
- RHSA-2021:5171 -
access.redhat.com/errata/RHSA-2021:5171
CVEs related to QID 239970
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| RHSA-2021:5171 | Red Hat Enterprise Linux |
access.redhat.com/errata/RHSA-2021:5171 |