The host is missing a security update according to Apple advisory, APPLE-SA-2019-9-26-2. The update is required to fix an out-of-bounds read vulnerability. A flaw is present in the application, which fails to properly handle an input validation issue. Successful exploitation allows attackers to execute arbitrary code or cause an application to terminate unexpectedly.
The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.
node-nth-check: Parses and compiles CSS nth-checks to highly optimized functions. nth-check could be made to crash if it opened a specially crafted file.
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs , nodejs-nodemon . Security Fix: * nodejs-mixin-deep: prototype pollution in function mixin-deep * nodejs-set-value: prototype pollution in function set-value * nodejs-npm-user-validate ...
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs12-nodejs , rh-nodejs12-nodejs-nodemon . Security Fix: * nodejs-mixin-deep: prototype pollution in function mixin-deep * nodejs-set-value: prototype pollution in function set-value * ...