Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html
https://access.redhat.com/errata/RHSA-2020:0573
https://access.redhat.com/errata/RHSA-2020:0579
https://access.redhat.com/errata/RHSA-2020:0597
https://access.redhat.com/errata/RHSA-2020:0598
https://access.redhat.com/errata/RHSA-2020:0602
https://hackerone.com/reports/746733
https://nodejs.org/en/blog/release/v10.19.0/
https://nodejs.org/en/blog/release/v12.15.0/
https://nodejs.org/en/blog/release/v13.8.0/
https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/
Source: MITRE
Published: 2020-02-07
Updated: 2020-03-20
Type: CWE-295
CVSS v2
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
CVSS v3.1
Base Score: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 3.9
Severity: HIGH
OR
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
145979 | CentOS 8 : nodejs:10 (CESA-2020:0579) | Nessus | CentOS Local Security Checks | high |
145796 | CentOS 8 : nodejs:12 (CESA-2020:0598) | Nessus | CentOS Local Security Checks | high |
140036 | Oracle Linux 8 : nodejs:12 (ELSA-2020-0598) | Nessus | Oracle Linux Local Security Checks | high |
140035 | Oracle Linux 8 : nodejs:10 (ELSA-2020-0579) | Nessus | Oracle Linux Local Security Checks | high |
136126 | Debian DSA-4669-1 : nodejs - security update (Data Dribble) (Reset Flood) (Resource Loop) | Nessus | Debian Local Security Checks | high |
136036 | Photon OS 1.0: Nodejs10 PHSA-2020-1.0-0289 | Nessus | PhotonOS Local Security Checks | high |
134776 | GLSA-202003-48 : Node.js: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
134356 | FreeBSD : Node.js -- multiple vulnerabilities (0032400f-624f-11ea-b495-000d3ab229d6) | Nessus | FreeBSD Local Security Checks | high |
134281 | openSUSE Security Update : nodejs8 (openSUSE-2020-293) | Nessus | SuSE Local Security Checks | high |
134100 | SUSE SLES12 Security Update : nodejs6 (SUSE-SU-2020:0488-1) | Nessus | SuSE Local Security Checks | high |
134075 | SUSE SLES15 Security Update : nodejs10 (SUSE-SU-2020:0455-1) | Nessus | SuSE Local Security Checks | high |
134074 | SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2020:0454-1) | Nessus | SuSE Local Security Checks | high |
134068 | RHEL 8 : nodejs:12 (RHSA-2020:0598) | Nessus | Red Hat Local Security Checks | high |
134062 | RHEL 8 : nodejs:10 (RHSA-2020:0579) | Nessus | Red Hat Local Security Checks | high |
134028 | RHEL 8 : nodejs:10 (RHSA-2020:0573) | Nessus | Red Hat Local Security Checks | high |
133956 | Photon OS 3.0: Nodejs PHSA-2020-3.0-0060 | Nessus | PhotonOS Local Security Checks | high |
133947 | SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2020:0429-1) | Nessus | SuSE Local Security Checks | high |
133946 | SUSE SLES12 Security Update : nodejs10 (SUSE-SU-2020:0427-1) | Nessus | SuSE Local Security Checks | high |