The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:0549 advisory.

  - nodejs-deep-extend: Prototype pollution can allow attackers to modify object properties (CVE-2018-3750)

  - nodejs-mixin-deep: prototype pollution in function mixin-deep (CVE-2019-10746)

  - nodejs-set-value: prototype pollution in function set-value (CVE-2019-10747)

  - nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS     (CVE-2020-7754)

  - nodejs-ini: prototype pollution via malicious INI file (CVE-2020-7788)

  - nodejs: use-after-free in the TLS implementation (CVE-2020-8265)

  - nodejs: HTTP request smuggling via two copies of a header field in an http request (CVE-2020-8287)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:0548 advisory.

  - npm: sensitive information exposure through logs (CVE-2020-15095)

  - nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)

  - nodejs-yargs-parser: prototype pollution vulnerability (CVE-2020-7608)

  - nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS     (CVE-2020-7754)

  - nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)

  - nodejs-ini: prototype pollution via malicious INI file (CVE-2020-7788)

  - nodejs-dot-prop: prototype pollution (CVE-2020-8116)

  - libuv: buffer overflow in realpath (CVE-2020-8252)

  - nodejs: use-after-free in the TLS implementation (CVE-2020-8265)

  - nodejs: HTTP request smuggling via two copies of a header field in an http request (CVE-2020-8287)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-0548 advisory.

  - Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before     5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.
    (CVE-2020-8116)

  - The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly     determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256     bytes. (CVE-2020-8252)

  - Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through     log files. The CLI supports URLs like     ://[[:]@][:][:][/]. The password value is not redacted     and is printed to stdout and also to any generated log files. (CVE-2020-15095)

  - yargs-parser could be tricked into adding or modifying properties of Object.prototype using a __proto__     payload. (CVE-2020-7608)

  - This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took     exponentially longer to process long input strings beginning with @ characters. (CVE-2020-7754)

  - This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application     that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited     further depending on the context. (CVE-2020-7788)

  - Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its     TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls     node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method     does not return an error, this object is passed back to the caller as part of a StreamWriteResult     structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other     exploits. (CVE-2020-8265)

  - Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP     request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first     header field and ignores the second. This can lead to HTTP Request Smuggling. (CVE-2020-8287)

  - This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require('y18n')();
    y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true     (CVE-2020-7774)

  - An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully     crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While     untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of     service, not execution of code.) (CVE-2020-15366)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-0551 advisory.

  - This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took     exponentially longer to process long input strings beginning with @ characters. (CVE-2020-7754)

  - This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application     that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited     further depending on the context. (CVE-2020-7788)

  - Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its     TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls     node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method     does not return an error, this object is passed back to the caller as part of a StreamWriteResult     structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other     exploits. (CVE-2020-8265)

  - Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP     request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first     header field and ignores the second. This can lead to HTTP Request Smuggling. (CVE-2020-8287)

  - A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could     trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to     resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.
    (CVE-2020-8277)

  - An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully     crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While     untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of     service, not execution of code.) (CVE-2020-15366)

  - This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require('y18n')();
    y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true     (CVE-2020-7774)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-0549 advisory.

  - This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took     exponentially longer to process long input strings beginning with @ characters. (CVE-2020-7754)

  - mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function     mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor     payload. (CVE-2019-10746)

  - set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could     be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype     and _proto_ payloads. (CVE-2019-10747)

  - This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application     that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited     further depending on the context. (CVE-2020-7788)

  - Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its     TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls     node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method     does not return an error, this object is passed back to the caller as part of a StreamWriteResult     structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other     exploits. (CVE-2020-8265)

  - Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP     request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first     header field and ignores the second. This can lead to HTTP Request Smuggling. (CVE-2020-8287)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:0551 advisory.

  - nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)

  - nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS     (CVE-2020-7754)

  - nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)

  - nodejs-ini: prototype pollution via malicious INI file (CVE-2020-7788)

  - nodejs: use-after-free in the TLS implementation (CVE-2020-8265)

  - c-ares: ares_parse_{a,aaaa}_reply() insufficient naddrttls validation DoS (CVE-2020-8277)

  - nodejs: HTTP request smuggling via two copies of a header field in an http request (CVE-2020-8287)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0548 advisory.

  - npm: sensitive information exposure through logs (CVE-2020-15095)

  - nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)

  - nodejs-yargs-parser: prototype pollution vulnerability (CVE-2020-7608)

  - nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS     (CVE-2020-7754)

  - nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)

  - nodejs-ini: prototype pollution via malicious INI file (CVE-2020-7788)

  - nodejs-dot-prop: prototype pollution (CVE-2020-8116)

  - libuv: buffer overflow in realpath (CVE-2020-8252)

  - nodejs: use-after-free in the TLS implementation (CVE-2020-8265)

  - nodejs: HTTP request smuggling via two copies of a header field in an http request (CVE-2020-8287)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0551 advisory.

  - nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)

  - nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS     (CVE-2020-7754)

  - nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)

  - nodejs-ini: prototype pollution via malicious INI file (CVE-2020-7788)

  - nodejs: use-after-free in the TLS implementation (CVE-2020-8265)

  - c-ares: ares_parse_{a,aaaa}_reply() insufficient naddrttls validation DoS (CVE-2020-8277)

  - nodejs: HTTP request smuggling via two copies of a header field in an http request (CVE-2020-8287)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0549 advisory.

  - nodejs-mixin-deep: prototype pollution in function mixin-deep (CVE-2019-10746)

  - nodejs-set-value: prototype pollution in function set-value (CVE-2019-10747)

  - nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS     (CVE-2020-7754)

  - nodejs-ini: prototype pollution via malicious INI file (CVE-2020-7788)

  - nodejs: use-after-free in the TLS implementation (CVE-2020-8265)

  - nodejs: HTTP request smuggling via two copies of a header field in an http request (CVE-2020-8287)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
146539	CentOS 8 : nodejs:12 (CESA-2021:0549)	Nessus	CentOS Local Security Checks	high
146802	CentOS 8 : nodejs:10 (CESA-2021:0548)	Nessus	CentOS Local Security Checks	high
146638	Oracle Linux 8 : nodejs:10 (ELSA-2021-0548)	Nessus	Oracle Linux Local Security Checks	high
146637	Oracle Linux 8 : nodejs:14 (ELSA-2021-0551)	Nessus	Oracle Linux Local Security Checks	high
146636	Oracle Linux 8 : nodejs:12 (ELSA-2021-0549)	Nessus	Oracle Linux Local Security Checks	high
146548	CentOS 8 : nodejs:14 (CESA-2021:0551)	Nessus	CentOS Local Security Checks	high
146547	RHEL 8 : nodejs:10 (RHSA-2021:0548)	Nessus	Red Hat Local Security Checks	high
146540	RHEL 8 : nodejs:14 (RHSA-2021:0551)	Nessus	Red Hat Local Security Checks	high
146536	RHEL 8 : nodejs:12 (RHSA-2021:0549)	Nessus	Red Hat Local Security Checks	high

CVE-2020-7754

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins

high

high

high

high

high

high

high

high

high