Lucene search
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2021-3281.NASLHistoryAug 26, 2021 - 12:00 a.m.
RHEL 7 : rh-nodejs12-nodejs and rh-nodejs12-nodejs-nodemon (RHSA-2021:3281)
2021-08-2600:00:00
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 High
AI Score
Confidence
Low
0.015 Low
EPSS
Percentile
87.2%
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3281 advisory.
-
nodejs-ini: Prototype pollution via malicious INI file (CVE-2020-7788)
-
nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)
-
c-ares: Missing input validation of host names may lead to domain hijacking (CVE-2021-3672)
-
nodejs: Use-after-free on close http2 on stream canceling (CVE-2021-22930, CVE-2021-22940)
-
nodejs: Improper handling of untypical characters in domain names (CVE-2021-22931)
-
nodejs: Incomplete validation of tls rejectUnauthorized parameter (CVE-2021-22939)
-
nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343)
-
nodejs-tar: Insufficient symlink protection allowing arbitrary file creation and overwrite (CVE-2021-32803)
-
nodejs-tar: Insufficient absolute path sanitization allowing arbitrary file creation and overwrite (CVE-2021-32804)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2021:3281. The text
# itself is copyright (C) Red Hat, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(152862);
script_version("1.13");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/28");
script_cve_id(
"CVE-2020-7788",
"CVE-2020-28469",
"CVE-2021-3672",
"CVE-2021-22930",
"CVE-2021-22931",
"CVE-2021-22939",
"CVE-2021-22940",
"CVE-2021-23343",
"CVE-2021-32803",
"CVE-2021-32804"
);
script_xref(name:"RHSA", value:"2021:3281");
script_xref(name:"IAVB", value:"2021-B-0050-S");
script_name(english:"RHEL 7 : rh-nodejs12-nodejs and rh-nodejs12-nodejs-nodemon (RHSA-2021:3281)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates for rh-nodejs12-nodejs / rh-nodejs12-nodejs-nodemon.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2021:3281 advisory.
- nodejs-ini: Prototype pollution via malicious INI file (CVE-2020-7788)
- nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)
- c-ares: Missing input validation of host names may lead to domain hijacking (CVE-2021-3672)
- nodejs: Use-after-free on close http2 on stream canceling (CVE-2021-22930, CVE-2021-22940)
- nodejs: Improper handling of untypical characters in domain names (CVE-2021-22931)
- nodejs: Incomplete validation of tls rejectUnauthorized parameter (CVE-2021-22939)
- nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343)
- nodejs-tar: Insufficient symlink protection allowing arbitrary file creation and overwrite
(CVE-2021-32803)
- nodejs-tar: Insufficient absolute path sanitization allowing arbitrary file creation and overwrite
(CVE-2021-32804)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhsa-2021_3281.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e94601c9");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#important");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2021:3281");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1907444");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1945459");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1956818");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1988342");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1988394");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1990409");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1990415");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1993019");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1993029");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1993039");
script_set_attribute(attribute:"solution", value:
"Update the RHEL rh-nodejs12-nodejs / rh-nodejs12-nodejs-nodemon packages based on the guidance in RHSA-2021:3281.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-22931");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(20, 22, 79, 400, 416);
script_set_attribute(attribute:"vendor_severity", value:"Important");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/12/11");
script_set_attribute(attribute:"patch_publication_date", value:"2021/08/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/08/26");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-nodejs12-nodejs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-nodejs12-nodejs-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-nodejs12-nodejs-docs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-nodejs12-nodejs-nodemon");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-nodejs12-npm");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'repo_relative_urls': [
'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/rhscl/1/debug',
'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/rhscl/1/os',
'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/rhscl/1/source/SRPMS',
'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/debug',
'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/os',
'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/source/SRPMS',
'content/dist/rhel/power-le/7/7Server/ppc64le/rhscl/1/debug',
'content/dist/rhel/power-le/7/7Server/ppc64le/rhscl/1/os',
'content/dist/rhel/power-le/7/7Server/ppc64le/rhscl/1/source/SRPMS',
'content/dist/rhel/power/7/7Server/ppc64/rhscl/1/debug',
'content/dist/rhel/power/7/7Server/ppc64/rhscl/1/os',
'content/dist/rhel/power/7/7Server/ppc64/rhscl/1/source/SRPMS',
'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/debug',
'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/os',
'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/source/SRPMS',
'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/debug',
'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/os',
'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/source/SRPMS',
'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/debug',
'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/os',
'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/source/SRPMS'
],
'pkgs': [
{'reference':'rh-nodejs12-nodejs-12.22.5-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-nodejs12-nodejs-12.22.5-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-nodejs12-nodejs-12.22.5-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-nodejs12-nodejs-devel-12.22.5-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-nodejs12-nodejs-devel-12.22.5-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-nodejs12-nodejs-devel-12.22.5-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-nodejs12-nodejs-docs-12.22.5-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-nodejs12-nodejs-nodemon-2.0.3-5.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-nodejs12-npm-6.14.14-12.22.5.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-nodejs12-npm-6.14.14-12.22.5.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-nodejs12-npm-6.14.14-12.22.5.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}
]
}
];
var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
foreach var pkg ( constraint_array['pkgs'] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
_release &&
rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
(applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
else extra = rpm_report_get();
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : extra
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rh-nodejs12-nodejs / rh-nodejs12-nodejs-devel / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | enterprise_linux | 7 | cpe:/o:redhat:enterprise_linux:7 |
| redhat | enterprise_linux | rh-nodejs12-nodejs | p-cpe:/a:redhat:enterprise_linux:rh-nodejs12-nodejs |
| redhat | enterprise_linux | rh-nodejs12-nodejs-devel | p-cpe:/a:redhat:enterprise_linux:rh-nodejs12-nodejs-devel |
| redhat | enterprise_linux | rh-nodejs12-nodejs-docs | p-cpe:/a:redhat:enterprise_linux:rh-nodejs12-nodejs-docs |
| redhat | enterprise_linux | rh-nodejs12-nodejs-nodemon | p-cpe:/a:redhat:enterprise_linux:rh-nodejs12-nodejs-nodemon |
| redhat | enterprise_linux | rh-nodejs12-npm | p-cpe:/a:redhat:enterprise_linux:rh-nodejs12-npm |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28469
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7788
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22931
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22939
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22940
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23343
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32803
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32804
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3672
www.nessus.org/u?e94601c9
access.redhat.com/errata/RHSA-2021:3281
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1907444
bugzilla.redhat.com/show_bug.cgi?id=1945459
bugzilla.redhat.com/show_bug.cgi?id=1956818
bugzilla.redhat.com/show_bug.cgi?id=1988342
bugzilla.redhat.com/show_bug.cgi?id=1988394
bugzilla.redhat.com/show_bug.cgi?id=1990409
bugzilla.redhat.com/show_bug.cgi?id=1990415
bugzilla.redhat.com/show_bug.cgi?id=1993019
bugzilla.redhat.com/show_bug.cgi?id=1993029
bugzilla.redhat.com/show_bug.cgi?id=1993039
Related
redhat
redhat
(RHSA-2021:3281) Important: rh-nodejs12-nodejs and rh-nodejs12-nodejs-nodemon security update
2021-08-26 09:51:49
(RHSA-2021:3280) Important: rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon security update
2021-08-26 09:51:14
(RHSA-2021:3623) Important: nodejs:12 security and bug fix update
2021-09-21 12:33:58
nessus
nessus
RHEL 7 : rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon (RHSA-2021:3280)
2021-08-26 00:00:00
Rocky Linux 8 : nodejs:14 (RLSA-2021:3666)
2022-02-09 00:00:00
RHEL 8 : nodejs:12 (RHSA-2021:3623)
2021-09-21 00:00:00
osv
osv
Important: nodejs:14 security and bug fix update
2021-09-27 06:47:35
Important: nodejs:12 security and bug fix update
2021-09-21 12:33:58
Important: nodejs:12 security and bug fix update
2021-09-21 12:33:58
oraclelinux
oraclelinux
nodejs:14 security and bug fix update
2021-09-27 00:00:00
nodejs:12 security and bug fix update
2021-09-22 00:00:00
rocky
rocky
nodejs:12 security and bug fix update
2021-09-21 12:33:58
nodejs:14 security and bug fix update
2021-09-27 06:47:35
almalinux
almalinux
Important: nodejs:14 security and bug fix update
2021-09-27 06:47:35
Important: nodejs:12 security and bug fix update
2021-09-21 12:33:58
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2021:2824-1)
2021-08-25 00:00:00
openSUSE: Security Advisory for nodejs12 (openSUSE-SU-2021:1214-1)
2021-09-01 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:3211-1)
2021-09-24 00:00:00
suse
suse
Security update for nodejs14 (important)
2021-09-28 00:00:00
Security update for nodejs12 (important)
2021-08-31 00:00:00
Security update for nodejs12 (important)
2021-08-30 00:00:00
ibm
ibm
gentoo
gentoo
c-ares: Multiple Vulnerabilities
2024-01-05 00:00:00
freebsd
freebsd
Node.js -- August 2021 Security Releases
2021-08-11 00:00:00
nodejsblog
nodejsblog
August 2021 Security Releases
2021-08-11 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package node version 14.17.5-alt1
2021-08-17 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2021-0090
2021-08-27 00:00:00
Critical Photon OS Security Update - PHSA-2021-4.0-0090
2021-08-27 00:00:00
ubuntucve
ubuntucve
prion
prion
Design/Logic Flaw
2021-08-03 19:15:00
Design/Logic Flaw
2021-06-03 16:15:00
Code injection
2021-05-04 09:15:00
debiancve
debiancve
alpinelinux
alpinelinux
CVE-2021-32804
2021-08-03 19:15:08
CVE-2021-32803
2021-08-03 19:15:08
cve
cve
redhatcve
redhatcve
cvelist
cvelist
CVE-2021-32804 Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization
2021-08-03 19:10:12
CVE-2020-28469 Regular Expression Denial of Service (ReDoS)
2021-06-03 00:00:00
CVE-2021-23343 Regular Expression Denial of Service (ReDoS)
2021-05-04 00:00:00
github
github
glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex
2021-06-07 21:56:34
Regular Expression Denial of Service in path-parse
2021-08-10 15:33:47
nvd
nvd
debian
debian
[SECURITY] [DLA 3137-1] nodejs security update
2022-10-05 15:18:22
[SECURITY] [DLA 2503-1] node-ini security update
2020-12-21 15:01:05
archlinux
archlinux
[ASA-202110-5] nodejs-lts-fermium: multiple issues
2021-10-21 00:00:00
[ASA-202110-6] nodejs-lts-erbium: multiple issues
2021-10-21 00:00:00
f5
f5
K53225395 : Node.js vulnerabilities CVE-2021-3672 and CVE-2021-22931
2021-10-15 00:00:00
mageia
mageia
Updated nodejs packages fix security vulnerability
2021-10-06 22:41:56
Updated nodejs-tar packages fix security vulnerability
2022-03-21 23:18:30
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2021-05-05 05:46:25
Regular Expression Denial Of Service (ReDoS)
2021-01-21 14:21:20
Privilege Escalation
2021-08-05 05:45:17
nodejs
nodejs
Regular expression denial of service
2021-06-07 21:57:10
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
2021-08-03 18:14:17
Regular Expression Denial of Service in path-parse
2021-08-10 15:59:47
cbl_mariner
cbl_mariner
CVE-2021-22940 affecting package nodejs 14.17.2-1
2021-09-09 15:03:07
CVE-2021-22931 affecting package nodejs for versions less than 16.14.0-1
2022-04-09 06:52:23
githubexploit
githubexploit
Exploit for Path Traversal in Tar Project Tar
2021-08-31 04:32:38
hackerone
hackerone
Node.js: Improper handling of untypical characters in domain names
2021-04-28 14:07:26
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 High
AI Score
Confidence
Low
0.015 Low
EPSS
Percentile
87.2%
Related for REDHAT-RHSA-2021-3281.NASL