Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2021-5171.NASL
HistoryDec 16, 2021 - 12:00 a.m.

Oracle Linux 8 : nodejs:16 (ELSA-2021-5171)

2021-12-1600:00:00
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.6%

JSON

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-5171 advisory.

  • This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context. (CVE-2020-7788)

  • This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator. (CVE-2020-28469)

  • ansi-regex is vulnerable to Inefficient Regular Expression Complexity (CVE-2021-3807)

  • json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) (CVE-2021-3918)

  • The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.
    (CVE-2021-33502)

  • The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6. (CVE-2021-22959)

  • The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. (CVE-2021-22960)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2021-5171.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(156123);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/22");

  script_cve_id(
    "CVE-2020-7788",
    "CVE-2020-28469",
    "CVE-2021-3807",
    "CVE-2021-3918",
    "CVE-2021-22959",
    "CVE-2021-22960",
    "CVE-2021-33502"
  );
  script_xref(name:"IAVB", value:"2021-B-0059-S");

  script_name(english:"Oracle Linux 8 : nodejs:16 (ELSA-2021-5171)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the
ELSA-2021-5171 advisory.

  - This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application
    that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited
    further depending on the context. (CVE-2020-7788)

  - This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in
    enclosure containing path separator. (CVE-2020-28469)

  - ansi-regex is vulnerable to Inefficient Regular Expression Complexity (CVE-2021-3807)

  - json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype
    Pollution') (CVE-2021-3918)

  - The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS
    (regular expression denial of service) issue because it has exponential performance for data: URLs.
    (CVE-2021-33502)

  - The parser in accepts requests with a space (SP) right after the header name before the colon. This can
    lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6. (CVE-2021-22959)

  - The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of
    chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. (CVE-2021-22960)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2021-5171.html");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-3918");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/12/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/12/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/12/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nodejs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nodejs-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nodejs-docs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nodejs-full-i18n");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nodejs-nodemon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nodejs-packaging");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:npm");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Oracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/local_checks_enabled");

  exit(0);
}


include('audit.inc');
include('global_settings.inc');
include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');
var release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
var os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);

var module_ver = get_kb_item('Host/RedHat/appstream/nodejs');
if (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module nodejs:16');
if ('16' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module nodejs:' + module_ver);

var appstreams = {
    'nodejs:16': [
      {'reference':'nodejs-16.13.1-3.0.1.module+el8.5.0+20457+52828f44', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'nodejs-16.13.1-3.0.1.module+el8.5.0+20457+52828f44', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'nodejs-devel-16.13.1-3.0.1.module+el8.5.0+20457+52828f44', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'nodejs-devel-16.13.1-3.0.1.module+el8.5.0+20457+52828f44', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'nodejs-docs-16.13.1-3.0.1.module+el8.5.0+20457+52828f44', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'nodejs-full-i18n-16.13.1-3.0.1.module+el8.5.0+20457+52828f44', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'nodejs-full-i18n-16.13.1-3.0.1.module+el8.5.0+20457+52828f44', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'nodejs-nodemon-2.0.15-1.module+el8.5.0+20457+52828f44', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-packaging-25-1.module+el8.5.0+20388+4b61e68d', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'npm-8.1.2-1.16.13.1.3.0.1.module+el8.5.0+20457+52828f44', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'npm-8.1.2-1.16.13.1.3.0.1.module+el8.5.0+20457+52828f44', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}
    ]
};

var flag = 0;
var appstreams_found = 0;
foreach var module (keys(appstreams)) {
  var appstream = NULL;
  var appstream_name = NULL;
  var appstream_version = NULL;
  var appstream_split = split(module, sep:':', keep:FALSE);
  if (!empty_or_null(appstream_split)) {
    appstream_name = appstream_split[0];
    appstream_version = appstream_split[1];
    if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);
  }
  if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {
    appstreams_found++;
    foreach var package_array ( appstreams[module] ) {
      var reference = NULL;
      var release = NULL;
      var sp = NULL;
      var cpu = NULL;
      var el_string = NULL;
      var rpm_spec_vers_cmp = NULL;
      var epoch = NULL;
      var allowmaj = NULL;
      if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
      if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];
      if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
      if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
      if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
      if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
      if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
      if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
      if (reference && release) {
        if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
      }
    }
  }
}

if (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module nodejs:16');

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nodejs / nodejs-devel / nodejs-docs / etc');
}
VendorProductVersionCPE
oraclelinux8cpe:/o:oracle:linux:8
oraclelinuxnodejsp-cpe:/a:oracle:linux:nodejs
oraclelinuxnodejs-develp-cpe:/a:oracle:linux:nodejs-devel
oraclelinuxnodejs-docsp-cpe:/a:oracle:linux:nodejs-docs
oraclelinuxnodejs-full-i18np-cpe:/a:oracle:linux:nodejs-full-i18n
oraclelinuxnodejs-nodemonp-cpe:/a:oracle:linux:nodejs-nodemon
oraclelinuxnodejs-packagingp-cpe:/a:oracle:linux:nodejs-packaging
oraclelinuxnpmp-cpe:/a:oracle:linux:npm

Related

nessus 34
rocky 4
oraclelinux 3
osv 18
almalinux 3
redhat 6
ibm 31
openvas 16
fedora 3
archlinux 3
freebsd 1
mageia 2
altlinux 1
nodejsblog 1
ubuntucve 7
nodejs 2
redhatcve 6
debiancve 7
cvelist 6
cve 7
prion 7
nvd 6
veracode 6
github 4
debian 2
hackerone 3
alpinelinux 2
suse 3
ubuntu 1
huntr 2
cnvd 1
cgr 1
nessus
nessus
RHEL 8 : nodejs:16 (RHSA-2021:5171)
2021-12-16 00:00:00
AlmaLinux 8 : nodejs:16 (ALSA-2021:5171)
2022-03-12 00:00:00
Rocky Linux 8 : nodejs:16 (RLSA-2021:5171)
2023-11-06 00:00:00
rocky
rocky
nodejs:16 security, bug fix, and enhancement update
2021-12-15 19:09:29
nodejs:14 security, bug fix, and enhancement update
2022-02-01 20:08:39
nodejs and nodejs-nodemon security and bug fix update
2022-09-20 11:37:49
oraclelinux
oraclelinux
nodejs:16 security, bug fix, and enhancement update
2021-12-16 00:00:00
nodejs:14 security, bug fix, and enhancement update
2022-02-02 00:00:00
nodejs and nodejs-nodemon security and bug fix update
2022-09-22 00:00:00
osv
osv
Moderate: nodejs:16 security, bug fix, and enhancement update
2021-12-15 19:09:29
Moderate: nodejs:16 security, bug fix, and enhancement update
2021-12-15 19:09:29
Moderate: nodejs:14 security, bug fix, and enhancement update
2022-02-01 20:08:39
almalinux
almalinux
Moderate: nodejs:16 security, bug fix, and enhancement update
2021-12-15 19:09:29
Moderate: nodejs:14 security, bug fix, and enhancement update
2022-02-01 20:08:39
Moderate: nodejs and nodejs-nodemon security and bug fix update
2022-09-20 00:00:00
redhat
redhat
(RHSA-2021:5171) Moderate: nodejs:16 security, bug fix, and enhancement update
2021-12-15 19:09:29
(RHSA-2022:0350) Moderate: nodejs:14 security, bug fix, and enhancement update
2022-02-01 20:08:39
(RHSA-2022:0246) Moderate: nodejs:14 security, bug fix, and enhancement update
2022-01-25 08:40:34
ibm
ibm
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js
2021-12-17 04:21:37
Security Bulletin: IBM DataPower affected by vulnerabilities in Node.js
2022-03-02 15:24:25
Security Bulletin: IBM Cloud Pak for Integration is vulnerable to Node.js vulnerabilities (CVE-2021-22959 and CVE-2021-22960)
2022-01-13 15:45:49
openvas
openvas
Fedora: Security Advisory for nodejs (FEDORA-2021-9818cabe0d)
2021-10-30 00:00:00
Mageia: Security Advisory (MGASA-2021-0592)
2022-01-28 00:00:00
Fedora: Security Advisory for nodejs (FEDORA-2021-cbad295a90)
2021-10-24 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: nodejs-14.18.1-1.fc33
2021-10-23 03:25:54
[SECURITY] Fedora 34 Update: nodejs-14.18.1-1.fc34
2021-10-23 03:22:47
[SECURITY] Fedora 35 Update: nodejs-16.11.1-1.fc35
2021-10-29 23:27:03
archlinux
archlinux
[ASA-202110-4] nodejs: url request injection
2021-10-21 00:00:00
[ASA-202110-5] nodejs-lts-fermium: multiple issues
2021-10-21 00:00:00
[ASA-202110-6] nodejs-lts-erbium: multiple issues
2021-10-21 00:00:00
freebsd
freebsd
Node.js -- October 2021 Security Releases
2021-10-12 00:00:00
mageia
mageia
Updated nodejs packages fix security vulnerability
2021-12-30 19:41:51
Updated nodejs-ini package fixes a security vulnerability
2021-02-05 14:54:53
altlinux
altlinux
Security fix for the ALT Linux 10 package node version 14.18.2-alt1
2021-12-23 00:00:00
nodejsblog
nodejsblog
October 12th 2021 Security Releases
2021-10-12 00:00:00
ubuntucve
ubuntucve
CVE-2020-28469
2021-06-03 00:00:00
CVE-2021-33502
2021-05-24 00:00:00
CVE-2020-7788
2020-12-11 00:00:00
nodejs
nodejs
Regular expression denial of service
2021-06-07 21:57:10
Regular Expression Denial of Service
2021-06-08 23:12:07
redhatcve
redhatcve
CVE-2021-33502
2021-05-25 14:57:29
CVE-2020-28469
2021-04-01 01:38:31
CVE-2021-22959
2021-10-14 12:15:38
debiancve
debiancve
CVE-2021-33502
2021-05-24 16:15:08
CVE-2020-28469
2021-06-03 16:15:07
CVE-2020-7788
2020-12-11 11:15:11
cvelist
cvelist
CVE-2021-33502
2021-05-24 15:42:34
CVE-2020-28469 Regular Expression Denial of Service (ReDoS)
2021-06-03 00:00:00
CVE-2021-22959
2021-11-15 14:45:16
cve
cve
CVE-2021-33502
2021-05-24 16:15:08
CVE-2020-28469
2021-06-03 16:15:07
CVE-2020-7788
2020-12-11 11:15:11
prion
prion
Denial of service
2021-05-24 16:15:00
Design/Logic Flaw
2021-06-03 16:15:00
Design/Logic Flaw
2021-11-15 15:15:00
nvd
nvd
CVE-2020-28469
2021-06-03 16:15:07
CVE-2021-33502
2021-05-24 16:15:08
CVE-2021-22959
2021-11-15 15:15:06
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2021-05-25 07:10:20
Regular Expression Denial Of Service (ReDoS)
2021-01-21 14:21:20
HTTP Request Smuggling (HRS)
2021-10-13 17:26:57
github
github
ReDoS in normalize-url
2021-06-08 23:11:43
glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex
2021-06-07 21:56:34
ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse
2020-12-10 16:53:45
debian
debian
[SECURITY] [DLA 2503-1] node-ini security update
2020-12-21 15:01:05
[SECURITY] [DLA 3228-1] node-json-schema security update
2022-12-06 19:15:29
hackerone
hackerone
Node.js: HTTP Request Smuggling due to accepting space before colon
2021-06-20 11:10:00
Node.js: HTTP Request Smuggling due to ignoring chunk extensions
2021-06-19 08:43:05
Nextcloud: @nextcloud/logger NPM package brings vulnerable ansi-regex version
2022-06-20 14:31:09
alpinelinux
alpinelinux
CVE-2021-22959
2021-11-15 15:15:06
CVE-2021-22960
2021-11-03 20:15:08
suse
suse
Security update for nodejs8 (important)
2022-03-04 00:00:00
Security update for nodejs14 (important)
2022-03-04 00:00:00
Security update for nodejs12 (important)
2022-03-02 00:00:00
ubuntu
ubuntu
JSON Schema vulnerability
2023-05-24 00:00:00
huntr
huntr
Prototype Pollution in kriszyp/json-schema
2021-10-03 13:08:43
Inefficient Regular Expression Complexity in chalk/ansi-regex
2021-09-09 11:25:39
cnvd
cnvd
json-schema has an unspecified vulnerability
2021-11-16 00:00:00
cgr
cgr
CVE-2021-3807 vulnerabilities
2024-05-19 03:07:16

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.6%

JSON
Related for ORACLELINUX_ELSA-2021-5171.NASL
nessus34rocky4oraclelinux3osv18almalinux3redhat6ibm31openvas16fedora3archlinux3freebsd1mageia2altlinux1nodejsblog1ubuntucve7nodejs2redhatcve6debiancve7cvelist6cve7prion7nvd6veracode6github4debian2hackerone3alpinelinux2suse3ubuntu1huntr2cnvd1cgr1