Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0613 advisory.

  - A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as     @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states we are in     the process of marking this report as invalid; however, some third parties takes the position that A     prototype injection/Prototype pollution is not just when global objects are polluted with recursive merge     or deep cloning but also when a target object is polluted. (CVE-2022-37616)

  - When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by     finalizing the operation with a rename from a temporary name to the final target file name.In that rename     operation, it might accidentally *widen* the permissions for the target file, leaving the updated file     accessible to more users than intended. (CVE-2022-32207)

  - An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the     XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to     access an array at a negative 2GB offset, typically leading to a segmentation fault. (CVE-2022-40303)

  - An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a     hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be     provoked. (CVE-2022-40304)

  - There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName.
    X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME     incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently     interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL     checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may     allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or     enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate     chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these     inputs, the other input must already contain an X.400 address as a CRL distribution point, which is     uncommon. As such, this vulnerability is most likely to only affect applications which have implemented     their own functionality for retrieving CRLs over a network. (CVE-2023-0286)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:0548 advisory.

  - Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through     log files. The CLI supports URLs like     <protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>. The password value is not redacted     and is printed to stdout and also to any generated log files. (CVE-2020-15095)

  - An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully     crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While     untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of     service, not execution of code.) (CVE-2020-15366)

  - yargs-parser could be tricked into adding or modifying properties of Object.prototype using a __proto__     payload. (CVE-2020-7608)

  - This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took     exponentially longer to process long input strings beginning with @ characters. (CVE-2020-7754)

  - The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution. (CVE-2020-7774)

  - This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application     that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited     further depending on the context. (CVE-2020-7788)

  - Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before     5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.
    (CVE-2020-8116)

  - The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly     determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256     bytes. (CVE-2020-8252)

  - Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its     TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls     node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method     does not return an error, this object is passed back to the caller as part of a StreamWriteResult     structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other     exploits. (CVE-2020-8265)

  - Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP     request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first     header field and ignores the second. This can lead to HTTP Request Smuggling. (CVE-2020-8287)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4272 advisory.

  - Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through     log files. The CLI supports URLs like     <protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>. The password value is not redacted     and is printed to stdout and also to any generated log files. (CVE-2020-15095)

  - Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before     5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.
    (CVE-2020-8116)

  - Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious     payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison     cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the     underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the     HTTP header names. (CVE-2020-8201)

  - The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly     determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256     bytes. (CVE-2020-8252)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5086 advisory.

    Node.js is a software development platform for building fast and scalable network applications in the     JavaScript programming language.

    The following packages have been upgraded to a later upstream version: rh-nodejs12-nodejs (12.18.4).
    (BZ#1878550, BZ#1888291, BZ#1888298)

    Security Fix(es):

    * nodejs-dot-prop: prototype pollution (CVE-2020-8116)

    * nodejs: HTTP request smuggling due to CR-to-Hyphen conversion (CVE-2020-8201)

    * npm: Sensitive information exposure through logs (CVE-2020-15095)

    * libuv: buffer overflow in realpath (CVE-2020-8252)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0521 advisory.

    Node.js is a software development platform for building fast and scalable network applications in the     JavaScript programming language.

    The following packages have been upgraded to a later upstream version: rh-nodejs10-nodejs (10.23.1).

    Security Fix(es):

    * libuv: buffer overflow in realpath (CVE-2020-8252)

    * nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS     (CVE-2020-7754)

    * nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)

    * nodejs-ini: prototype pollution via malicious INI file (CVE-2020-7788)

    * nodejs-dot-prop: prototype pollution (CVE-2020-8116)

    * nodejs: use-after-free in the TLS implementation (CVE-2020-8265)

    * npm: sensitive information exposure through logs (CVE-2020-15095)

    * nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)

    * nodejs-yargs-parser: prototype pollution vulnerability (CVE-2020-7608)

    * nodejs: HTTP request smuggling via two copies of a header field in an http request (CVE-2020-8287)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:0548 advisory.

  - npm: sensitive information exposure through logs (CVE-2020-15095)

  - nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)

  - nodejs-yargs-parser: prototype pollution vulnerability (CVE-2020-7608)

  - nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS     (CVE-2020-7754)

  - nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)

  - nodejs-ini: Prototype pollution via malicious INI file (CVE-2020-7788)

  - nodejs-dot-prop: prototype pollution (CVE-2020-8116)

  - libuv: buffer overflow in realpath (CVE-2020-8252)

  - nodejs: use-after-free in the TLS implementation (CVE-2020-8265)

  - nodejs: HTTP request smuggling via two copies of a header field in an http request (CVE-2020-8287)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-0548 advisory.

    nodejs     [1:10.23.1-1]
    - January Security release
    - https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/
    - Rebase to 10.23.1
    - Resolves: RHBZ#1916461, RHBZ#1914789
    - Resolves: RHBZ#1914783, RHBZ#1916462, RHBZ#1916395, RHBZ#1916459
    - Resolves: RHBZ#1916691, RHBZ#1916689, RHBZ#1916388
    - Remove dot-prop patch, as it is fixed by npm rebase

    [1:10.22.1-1]
    - Security rebase to 10.22.1

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0548 advisory.

    Node.js is a software development platform for building fast and scalable network applications in the     JavaScript programming language.

    The following packages have been upgraded to a later upstream version: nodejs (10.23.1).

    Security Fix(es):

    * libuv: buffer overflow in realpath (CVE-2020-8252)

    * nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS     (CVE-2020-7754)

    * nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)

    * nodejs-ini: prototype pollution via malicious INI file (CVE-2020-7788)

    * nodejs-dot-prop: prototype pollution (CVE-2020-8116)

    * nodejs: use-after-free in the TLS implementation (CVE-2020-8265)

    * npm: sensitive information exposure through logs (CVE-2020-15095)

    * nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)

    * nodejs-yargs-parser: prototype pollution vulnerability (CVE-2020-7608)

    * nodejs: HTTP request smuggling via two copies of a header field in an http request (CVE-2020-8287)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4272 advisory.

  - npm: sensitive information exposure through logs (CVE-2020-15095)

  - nodejs-dot-prop: prototype pollution (CVE-2020-8116)

  - nodejs: HTTP request smuggling due to CR-to-Hyphen conversion (CVE-2020-8201)

  - libuv: buffer overflow in realpath (CVE-2020-8252)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4903 advisory.

    Node.js is a software development platform for building fast and scalable network applications in the     JavaScript programming language.

    The following packages have been upgraded to a later upstream version: nodejs (12.18.4).

    Security Fix(es):

    * nodejs-dot-prop: prototype pollution (CVE-2020-8116)

    * nodejs: HTTP request smuggling due to CR-to-Hyphen conversion (CVE-2020-8201)

    * npm: Sensitive information exposure through logs (CVE-2020-15095)

    * libuv: buffer overflow in realpath (CVE-2020-8252)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    * The nodejs:12/development module is not installable (BZ#1883965)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4272 advisory.

    nodejs     [1:12.18.4-2]
    - Resolves: RHBZ#1883966 - nodejs-devel not installable due to missing brotli
    - Some spec fixes

    [12.18.4-1]
    - Rebase to 12.18.4

    nodejs-nodemon     nodejs-packaging

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4272 advisory.

    Node.js is a software development platform for building fast and scalable network applications in the     JavaScript programming language.

    The following packages have been upgraded to a later upstream version: nodejs (12.18.4).

    Security Fix(es):

    * nodejs-dot-prop: prototype pollution (CVE-2020-8116)

    * nodejs: HTTP request smuggling due to CR-to-Hyphen conversion (CVE-2020-8201)

    * npm: Sensitive information exposure through logs (CVE-2020-15095)

    * libuv: buffer overflow in realpath (CVE-2020-8252)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    * The nodejs:12/development module is not installable (BZ#1883966)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
194919	Splunk Enterprise < 8.1.14, 8.2.0 < 8.2.11, 9.0.0 < 9.0.5 (SVD-2023-0613)	Nessus	CGI abuses	critical
184949	Rocky Linux 8 : nodejs:10 (RLSA-2021:0548)	Nessus	Rocky Linux Local Security Checks	critical
184572	Rocky Linux 8 : nodejs:12 (RLSA-2020:4272)	Nessus	Rocky Linux Local Security Checks	high
170332	RHEL 7 : rh-nodejs12-nodejs (RHSA-2020:5086)	Nessus	Red Hat Local Security Checks	high
165111	RHEL 7 : rh-nodejs10-nodejs (RHSA-2021:0521)	Nessus	Red Hat Local Security Checks	critical
146802	CentOS 8 : nodejs:10 (CESA-2021:0548)	Nessus	CentOS Local Security Checks	critical
146638	Oracle Linux 8 : nodejs:10 (ELSA-2021-0548)	Nessus	Oracle Linux Local Security Checks	critical
146547	RHEL 8 : nodejs:10 (RHSA-2021:0548)	Nessus	Red Hat Local Security Checks	critical
145813	CentOS 8 : nodejs:12 (CESA-2020:4272)	Nessus	CentOS Local Security Checks	high
142450	RHEL 8 : nodejs:12 (RHSA-2020:4903)	Nessus	Red Hat Local Security Checks	high
141637	Oracle Linux 8 : nodejs:12 (ELSA-2020-4272)	Nessus	Oracle Linux Local Security Checks	high
141536	RHEL 8 : nodejs:12 (RHSA-2020:4272)	Nessus	Red Hat Local Security Checks	high

Detections

Analytics

CVE-2020-8116

high

Tenable Plugins

critical

critical

high

high

critical

critical

critical

critical

high

high

high

high