Joyent Node.js 安全漏洞

CNNVD-ID编号	CNNVD-202002-220
CVE编号	CVE-2019-15606
发布时间	2020-02-07
更新时间	2020-11-13
漏洞类型	其他
漏洞来源	N/A
危险等级	超危
威胁类型	远程
厂商	N/A

漏洞介绍

Joyent Node.js是美国Joyent公司的一套建立在Google V8 JavaScript引擎之上的网络应用平台。该平台主要用于构建高度可伸缩的应用程序，以及编写能够处理数万条且同时连接到一个物理机的连接代码。

Joyent Node.js 10版本、12版本和13版本中存在输入验证错误漏洞。攻击者可利用该漏洞绕过授权。

漏洞补丁

目前厂商已发布升级了Joyent Node.js 安全漏洞的补丁，Joyent Node.js 安全漏洞的补丁获取链接：

https://nodejs.org/en/blog/release/v13.8.0/

参考网址

来源:DEBIAN

链接：https://www.debian.org/security/2020/dsa-4669
来源:GENTOO

链接：https://security.gentoo.org/glsa/202003-48
来源:N/A

链接：https://www.oracle.com/security-alerts/cpuapr2020.html
来源:CONFIRM

链接：https://nodejs.org/en/blog/release/v12.15.0/
来源:hackerone.com

链接：https://hackerone.com/reports/730779
来源:nodejs.org

链接：https://nodejs.org/en/blog/release/v13.8.0/
来源:CONFIRM

链接：https://nodejs.org/en/blog/release/v10.19.0/
来源:CONFIRM

链接：https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/
来源:SUSE

链接：http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html
来源:CONFIRM

链接：https://security.netapp.com/advisory/ntap-20200221-0004/
来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2020:0602
来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2020:0579
来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2020:0573
来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2020:0598
来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2020:0597
来源:www.ibm.com

链接：https://www.ibm.com/support/pages/node/3022677
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1544/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0617/
来源:nvd.nist.gov

链接：https://nvd.nist.gov/vuln/detail/CVE-2019-15606
来源:www.nsfocus.net

链接：http://www.nsfocus.net/vulndb/46604
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-protect-plus-cve-2019-15606-cve-2019-15604-cve-2019-15605-cve-2019-9511-cve-2019-9516-cve-2019-9512-cve-2019-9517-cve-2019-951/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-node-js-vulnerabilities-affect-ibm-spectrum-control-cve-2019-15606-cve-2019-15604-cve-2019-15605/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0671/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-ibm-sdk-for-node-js-might-affect-the-configuration-editor-used-by-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0695/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-private-node-js-cve-2019-15605-cve-2019-15606/
来源:vigilance.fr

链接：https://vigilance.fr/vulnerability/Node-Core-three-vulnerabilities-31539
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affected-by-multiple-node-js-vulnerabilities/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-private-node-js-cve-2019-15605-cve-2019-15606-2/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-planning-analytics-workspace/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-potential-vulnerabilities-in-node-js/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/156530/Red-Hat-Security-Advisory-2020-0598-01.html
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-affected-by-multiple-cves-in-node-js-2/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-pak-for-data-node-js-cve-2019-15606-cve-2019-15604-cve-2019-15605/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0856/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-node-js-affect-ibm-i/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-node-js-affects-ibm-app-connect-enterprise-v11/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/156846/Gentoo-Linux-Security-Advisory-202003-48.html
来源:access.redhat.com

链接：https://access.redhat.com/security/cve/cve-2019-15606
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-sdk-for-node-js-in-ibm-cloud/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0593/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-version-10-16-3-of-node-js-included-in-ibm-cloud-event-management-2-5-0-has-several-security-vulnerabilities-2/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-node-jscve-2019-15604-cve-2019-15605-cve-2019-15606/

受影响实体

暂无

信息来源

http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-202002-220