Synthesis of the vulnerability 
An attacker can bypass access restrictions via Prototype Pollution of Node.js yargs-parser, in order to read or alter data.
Vulnerable products: Nodejs Modules ~ not comprehensive, RHEL.
Severity of this weakness: 2/4.
Creation date: 05/10/2020.
References of this bulletin: CVE-2020-7608, NPM-1500, RHSA-2021:0521-01, RHSA-2021:0548-01, VIGILANCE-VUL-33480.
Description of the vulnerability 
An attacker can bypass access restrictions via Prototype Pollution of Node.js yargs-parser, in order to read or alter data.
This cybersecurity weakness impacts software or systems such as Nodejs Modules ~ not comprehensive, RHEL.
Our Vigil@nce team determined that the severity of this security vulnerability is medium.
The trust level is of type "confirmed by the editor", with an origin of "document".
An attacker with an expert ability can exploit this vulnerability.
Solutions for this threat 
Node.js yargs-parser: versions 13.1.2, 15.0.1 and 18.1.1.
Versions 13.1.2, 15.0.1 and 18.1.1 are fixed:
https://www.npmjs.com/package/yargs-parser
RHEL 7: new rh-nodejs10-nodejs packages.
New packages are available:
RHEL 7.0-7.9: rh-nodejs10-nodejs 10.23.1-2.el7
RHEL 8: new nodejs-10 module.
The following module is updated:
RHEL 8 Module: nodejs:10
Swagger Codegen: version 2.4.16.
Version 2.4.16 is fixed:
https://github.com/swagger-api/swagger-codegen/releases/tag/v2.4.16
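As an added example (not part of the Vigil@nce bulletin or of the yargs-parser project), the following Node.js script scans a parsed package-lock.json for yargs-parser copies older than the fixed versions listed above, including copies nested under other packages. The mapping of each fixed version to a range of major versions, the sample lockfile and the package names tool-a and tool-b are assumptions constructed for illustration.

```javascript
// Added example: flag yargs-parser copies older than the bulletin's fixed releases.
// Assumption (not in the bulletin): each fixed release closes one affected range:
// below 13.1.2, 14.0.0 to below 15.0.1, and 16.0.0 to below 18.1.1.
const FIXED = [[13, 1, 2], [15, 0, 1], [18, 1, 1]];

function isVulnerable(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(version));
  if (!m) return false; // unparseable version: do not guess
  const v = m.slice(1).map(Number);
  // The first fixed release with a major >= ours is the one covering our range.
  const fix = FIXED.find((f) => v[0] <= f[0]);
  if (!fix) return false; // newer major than any fixed release listed
  for (let i = 0; i < 3; i++) if (v[i] !== fix[i]) return v[i] < fix[i];
  return false; // exactly the fixed release
}

function findVulnerable(lock) {
  const hits = [];
  const check = (path, info) => {
    const isTarget = path.endsWith("node_modules/yargs-parser");
    if (isTarget && isVulnerable(info.version)) hits.push({ path, version: info.version });
  };
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, info] of Object.entries(lock.packages || {})) check(path, info);
  // lockfileVersion 1: nested "dependencies" tree, walked only if "packages" is absent.
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      check(trail + "node_modules/" + name, info);
      walk(info.dependencies, trail + "node_modules/" + name + "/");
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile; tool-a and tool-b are hypothetical packages.
const sampleLock = {
  packages: {
    "node_modules/yargs-parser": { version: "18.1.3" },
    "node_modules/tool-a/node_modules/yargs-parser": { version: "13.1.1" },
    "node_modules/tool-b/node_modules/yargs-parser": { version: "15.0.0" },
  },
};
console.log(findVulnerable(sampleLock));
```

To check a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findVulnerable` instead of the sample object.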