Detections
Analytics
Rocky Linux 8 : nodejs:12 (RLSA-2021:0549)
critical Nessus Plugin ID 184892
Synopsis
The remote Rocky Linux host is missing one or more security updates.Description
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:0549 advisory.- The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.
(CVE-2018-3750)
- mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload. (CVE-2019-10746)
- set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and _proto_ payloads. (CVE-2019-10747)
- This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters. (CVE-2020-7754)
- This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context. (CVE-2020-7788)
- Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits. (CVE-2020-8265)
- Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling. (CVE-2020-8287)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected nodejs-nodemon and / or nodejs-packaging packages.See Also
https://errata.rockylinux.org/RLSA-2021:0549
https://bugzilla.redhat.com/show_bug.cgi?id=1795475
https://bugzilla.redhat.com/show_bug.cgi?id=1795479
https://bugzilla.redhat.com/show_bug.cgi?id=1892430
https://bugzilla.redhat.com/show_bug.cgi?id=1907444
Plugin Details
Severity: Critical
ID: 184892
File Name: rocky_linux_RLSA-2021-0549.nasl
Version: 1.2
Type: local
Published: 11/7/2023
Updated: 12/22/2023
Supported Sensors: Continuous Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.2
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2020-7788
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 9.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:rocky:linux:nodejs-packaging, cpe:/o:rocky:linux:8, p-cpe:/a:rocky:linux:nodejs-nodemon
Required KB Items: Host/local_checks_enabled, Host/RockyLinux/release, Host/RockyLinux/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 2/16/2021
Vulnerability Publication Date: 5/16/2018
Reference Information
CVE: CVE-2018-3750, CVE-2019-10746, CVE-2019-10747, CVE-2020-7754, CVE-2020-7788, CVE-2020-8265, CVE-2020-8287