Node.js: Multiple vulnerabilities

Node.js: Multiple vulnerabilities Multiple vulnerabilities have been found in Node.js, worst of which could allow remote attackers to write arbitrary files. nodejs 2020-03-20 2020-03-20 658074 665656 672136 679132 702988 708458 local, remote 10.19.0 12.15.0 12.15.0

Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine.

Multiple vulnerabilities have been discovered in Node.js. Please review the CVE identifiers referenced below for details.

A remote attacker could possibly write arbitrary files, cause a Denial of Service condition or can conduct HTTP request splitting attacks.

There is no known workaround at this time.

All Node.js <12.x users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=net-libs/nodejs-10.19.0"

All Node.js 12.x users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=net-libs/nodejs-12.15.0"

CVE-2018-12115 CVE-2018-12116 CVE-2018-12121 CVE-2018-12122 CVE-2018-12123 CVE-2018-7161 CVE-2018-7162 CVE-2018-7164 CVE-2018-7167 CVE-2019-15604 CVE-2019-15605 CVE-2019-15606 CVE-2019-16777 CVE-2019-5737 CVE-2019-5739 BlueKnight whissi