Versions of the npm CLI prior to 6.13.4 are vulnerable to a Global node_modules Binary Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. References: https://www.npmjs.com/advisories/1437 https://nodejs.org/en/blog/vulnerability/december-2019-security-releases/ https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
Created nodejs tracking bugs for this issue: Affects: epel-all [bug 1788303] Affects: fedora-all [bug 1788302]
Red Hat Quay versions up to v3.2.0 are affected by the use of yarn to install client side dependencies. Red Hat Quay uses the npm package from RHEL 7 so that will be updated once a fix for RHEL 7 is available.
The issue in Yarn was assigned CVE-2019-10773, Red Hat Quay is affected by that issue, not this one.
This vulnerability is out of security support scope for the following products: * Red Hat Openshift Application Runtimes Node.js 8 Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.
This vulnerability was fixed in RHEL-8.1.0.z via the following erratum : https://access.redhat.com/errata/RHEA-2020:0330
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:0573 https://access.redhat.com/errata/RHSA-2020:0573
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-16777
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:0579 https://access.redhat.com/errata/RHSA-2020:0579
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS Via RHSA-2020:0597 https://access.redhat.com/errata/RHSA-2020:0597
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS Via RHSA-2020:0602 https://access.redhat.com/errata/RHSA-2020:0602
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS Via RHSA-2020:2625 https://access.redhat.com/errata/RHSA-2020:2625