A flaw was found in base64url. An Uninitialized Memory Exposure in pad-string.ts file allows an attacker to extract sensitive data from uninitialized memory or may cause a Denial of Service (DoS) by passing in a large number, in setups where typed user input can be passed (e.g. from JSON).On Node.js 4.x and below (4.x is still supported), this exposes uninitialized memory, which could contain sensitive data. This can be also used to cause a DoS by consuming the memory when large numbers are passed on input.
Created nodejs-base64-url tracking bugs for this issue:
Affects: fedora-all [bug 1579511]
NodeJS is shipped in Openshift Enterprise 3.9 as ImageStreams. Those ImageStreams are the RH Software Collection images. Setting Openshift Enterprise 3 as not affected.