What is the severity of RHSA-2020:5499?

The severity of RHSA-2020:5499 is considered significant due to the existence of prototype pollution vulnerability.

How do I fix RHSA-2020:5499?

To fix RHSA-2020:5499, update the affected packages to versions 12.19.1-1.module+el8.3.0+8851+b7b41ca0 or newer as recommended.

What vulnerabilities are addressed in RHSA-2020:5499?

RHSA-2020:5499 addresses a prototype pollution vulnerability in nodejs-y18n and insufficiencies in c-ares.

Which packages are affected by RHSA-2020:5499?

The affected packages include nodejs, nodejs-nodemon, and nodejs-packaging among others.

Is there a recommended action for systems running affected packages from RHSA-2020:5499?

Yes, it is recommended to apply the updates immediately to mitigate potential risks.

Vulnerability/
RHSA-2020:5499

15/12/2020

RHSA-2020:5499: Moderate: nodejs:12 security and bug fix update

First published: Tue Dec 15 2020(Updated: )

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. <br>Security Fix(es):<br><li> nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)</li> <li> c-ares: ares_parse_{a,aaaa}_reply() insufficient naddrttls validation DoS (CVE-2020-8277)</li> <li> nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.<br>Bug Fix(es):<br><li> yarn install crashes with nodejs:12 on aarch64 (BZ#1901045)</li>

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of RHSA-2020:5499?
The severity of RHSA-2020:5499 is considered significant due to the existence of prototype pollution vulnerability.
How do I fix RHSA-2020:5499?
To fix RHSA-2020:5499, update the affected packages to versions 12.19.1-1.module+el8.3.0+8851+b7b41ca0 or newer as recommended.
What vulnerabilities are addressed in RHSA-2020:5499?
RHSA-2020:5499 addresses a prototype pollution vulnerability in nodejs-y18n and insufficiencies in c-ares.
Which packages are affected by RHSA-2020:5499?
The affected packages include nodejs, nodejs-nodemon, and nodejs-packaging among others.
Is there a recommended action for systems running affected packages from RHSA-2020:5499?
Yes, it is recommended to apply the updates immediately to mitigate potential risks.

agent/severity
agent/type
agent/first-publish-date
agent/softwarecombine
agent/last-modified-date
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2020:5499
agent/software-canonical-lookup
agent/remedy
agent/references
agent/title
agent/description
agent/event
agent/trending
agent/tags
agent/source
package-manager/redhat