Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: rh-nodejs8-nodejs (8.17.0). (BZ#1829414)
Security Fix(es):
nodejs-brace-expansion: Regular expression denial of service (CVE-2017-18077)
nodejs-chownr: TOCTOU vulnerability in chownr
function in chownr.js (CVE-2017-18869)
nodejs-sshpk: ReDoS when parsing crafted invalid public keys in lib/formats/ssh.js (CVE-2018-3737)
nodejs-deep-extend: Prototype pollution can allow attackers to modify object properties (CVE-2018-3750)
npm: Symlink reference outside of node_modules folder through the bin field upon installation (CVE-2019-16775)
npm: Arbitrary file write via constructed entry in the package.json bin field (CVE-2019-16776)
npm: Global node_modules Binary Overwrite (CVE-2019-16777)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.