OESA-2022-1769

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1769
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2022-1769.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2022-1769
Upstream
Published
2022-07-22T11:04:01Z
Modified
2025-09-03T06:17:00.129134Z
Summary
nodejs security update
Details

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.

Security Fix(es):

Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>". The password value is not redacted and is printed to stdout and also to any generated log files.(CVE-2020-15095)

This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require( y18n )(); y18n.setLocale( proto ); y18n.updateLocale({polluted: true}); console.log(polluted); // true(CVE-2020-7774)

This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters.(CVE-2020-7754)

This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.(CVE-2020-7788)

json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ( Prototype Pollution )(CVE-2021-3918)

Database specific 
{
    "severity": "Critical"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / nodejs

Package

Name
nodejs
Purl
pkg:rpm/openEuler/nodejs&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
12.22.11-1.oe1

Ecosystem specific 

{
    "noarch": [
        "nodejs-docs-12.22.11-1.oe1.noarch.rpm"
    ],
    "src": [
        "nodejs-12.22.11-1.oe1.src.rpm"
    ],
    "aarch64": [
        "npm-6.14.16-1.12.22.11.1.oe1.aarch64.rpm",
        "nodejs-full-i18n-12.22.11-1.oe1.aarch64.rpm",
        "nodejs-12.22.11-1.oe1.aarch64.rpm",
        "nodejs-debuginfo-12.22.11-1.oe1.aarch64.rpm",
        "nodejs-libs-12.22.11-1.oe1.aarch64.rpm",
        "v8-devel-7.8.279.23-1.12.22.11.1.oe1.aarch64.rpm",
        "nodejs-debugsource-12.22.11-1.oe1.aarch64.rpm",
        "nodejs-devel-12.22.11-1.oe1.aarch64.rpm"
    ],
    "x86_64": [
        "nodejs-12.22.11-1.oe1.x86_64.rpm",
        "nodejs-full-i18n-12.22.11-1.oe1.x86_64.rpm",
        "v8-devel-7.8.279.23-1.12.22.11.1.oe1.x86_64.rpm",
        "nodejs-devel-12.22.11-1.oe1.x86_64.rpm",
        "nodejs-debugsource-12.22.11-1.oe1.x86_64.rpm",
        "npm-6.14.16-1.12.22.11.1.oe1.x86_64.rpm",
        "nodejs-debuginfo-12.22.11-1.oe1.x86_64.rpm",
        "nodejs-libs-12.22.11-1.oe1.x86_64.rpm"
    ]
}

openEuler:20.03-LTS-SP3 / nodejs

Package

Name
nodejs
Purl
pkg:rpm/openEuler/nodejs&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
12.22.11-1.oe1

Ecosystem specific 

{
    "noarch": [
        "nodejs-docs-12.22.11-1.oe1.noarch.rpm"
    ],
    "src": [
        "nodejs-12.22.11-1.oe1.src.rpm"
    ],
    "aarch64": [
        "nodejs-devel-12.22.11-1.oe1.aarch64.rpm",
        "nodejs-debugsource-12.22.11-1.oe1.aarch64.rpm",
        "v8-devel-7.8.279.23-1.12.22.11.1.oe1.aarch64.rpm",
        "npm-6.14.16-1.12.22.11.1.oe1.aarch64.rpm",
        "nodejs-12.22.11-1.oe1.aarch64.rpm",
        "nodejs-debuginfo-12.22.11-1.oe1.aarch64.rpm",
        "nodejs-full-i18n-12.22.11-1.oe1.aarch64.rpm",
        "nodejs-libs-12.22.11-1.oe1.aarch64.rpm"
    ],
    "x86_64": [
        "nodejs-libs-12.22.11-1.oe1.x86_64.rpm",
        "v8-devel-7.8.279.23-1.12.22.11.1.oe1.x86_64.rpm",
        "nodejs-12.22.11-1.oe1.x86_64.rpm",
        "nodejs-debugsource-12.22.11-1.oe1.x86_64.rpm",
        "nodejs-devel-12.22.11-1.oe1.x86_64.rpm",
        "npm-6.14.16-1.12.22.11.1.oe1.x86_64.rpm",
        "nodejs-full-i18n-12.22.11-1.oe1.x86_64.rpm",
        "nodejs-debuginfo-12.22.11-1.oe1.x86_64.rpm"
    ]
}