The following packages have been upgraded to a later upstream version: nodejs (10.23.1).
* libuv: buffer overflow in realpath (CVE-2020-8252)
* nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS (CVE-2020-7754)
* nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)
* nodejs-ini: prototype pollution via malicious INI file (CVE-2020-7788)
* nodejs-dot-prop: prototype pollution (CVE-2020-8116)
* nodejs: use-after-free in the TLS implementation (CVE-2020-8265)
* npm: sensitive information exposure through logs (CVE-2020-15095)
* nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)
* nodejs-yargs-parser: prototype pollution vulnerability (CVE-2020-7608)
* nodejs: HTTP request smuggling via two copies of a header field in an http request (CVE-2020-8287)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the AlmaLinux Packaging Team