What Are You Looking For?

Sign Up
MGASA-2020-0230 - Updated nodejs-set-value packages fix security vulnerability

Publication date: 27 May 2020
URL: https://advisories.mageia.org/MGASA-2020-0230.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-10747

Updated nodejs-set-value package fixes security vulnerability:

A vulnerability was found in NOdejs set-value, where set-value is
vulnerable to prototype Pollution in versions lower than 3.0.1.
The function mixin-deep could be tricked into adding or modifying
properties of Object.prototype using any of the constructor,
prototype and _proto_ payloads (CVE-2019-10747).

References:
- https://bugs.mageia.org/show_bug.cgi?id=26227
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3EJ36KV6MXQPUYTFCCTDY54E5Y7QP3AV/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10747

SRPMS:
- 7/core/nodejs-set-value-3.0.2-1.mga7

Mageia 2020-0230: nodejs-set-value security update

Updated nodejs-set-value package fixes security vulnerability: A vulnerability was found in NOdejs set-value, where set-value is vulnerable to prototype Pollution in versions lowe...

Summary

Updated nodejs-set-value package fixes security vulnerability:
A vulnerability was found in NOdejs set-value, where set-value is vulnerable to prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and _proto_ payloads (CVE-2019-10747).

References

- https://bugs.mageia.org/show_bug.cgi?id=26227

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3EJ36KV6MXQPUYTFCCTDY54E5Y7QP3AV/

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10747

Resolution

MGASA-2020-0230 - Updated nodejs-set-value packages fix security vulnerability

SRPMS

- 7/core/nodejs-set-value-3.0.2-1.mga7

Severity
Publication date: 27 May 2020
URL: https://advisories.mageia.org/MGASA-2020-0230.html
Type: security
CVE: CVE-2019-10747

Related News

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

LockBit Ransomware Exploiting Critical Citrix Bleed Vulnerability to Break In

Nov 25, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses

About Us

Powered By

Footer Logo