Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2020:5086 - Security Advisory
Issued:
2020-11-11
Updated:
2020-11-11

RHSA-2020:5086 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: rh-nodejs12-nodejs security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for rh-nodejs12-nodejs is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

The following packages have been upgraded to a later upstream version: rh-nodejs12-nodejs (12.18.4). (BZ#1878550, BZ#1888291, BZ#1888298)

Security Fix(es):

  • nodejs-dot-prop: prototype pollution (CVE-2020-8116)
  • nodejs: HTTP request smuggling due to CR-to-Hyphen conversion (CVE-2020-8201)
  • npm: Sensitive information exposure through logs (CVE-2020-15095)
  • libuv: buffer overflow in realpath (CVE-2020-8252)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.7 x86_64
  • Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.7 s390x
  • Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.7 ppc64le
  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.6 x86_64
  • Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.6 s390x
  • Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.6 ppc64le
  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
  • Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
  • Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le
  • Red Hat Software Collections (for RHEL Server for ARM) 1 aarch64
  • Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64

Fixes

  • BZ - 1856875 - CVE-2020-15095 npm: Sensitive information exposure through logs
  • BZ - 1868196 - CVE-2020-8116 nodejs-dot-prop: prototype pollution
  • BZ - 1879311 - CVE-2020-8201 nodejs: HTTP request smuggling due to CR-to-Hyphen conversion
  • BZ - 1879315 - CVE-2020-8252 libuv: buffer overflow in realpath

CVEs

  • CVE-2020-8116
  • CVE-2020-8201
  • CVE-2020-8252
  • CVE-2020-15095

References

  • https://access.redhat.com/security/updates/classification/#moderate
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.7

SRPM
rh-nodejs12-nodejs-12.18.4-3.el7.src.rpm SHA-256: 7d44ea2c02e1831797c23479292024678dc8abdfd0f9012245907be96cf70977
x86_64
rh-nodejs12-nodejs-12.18.4-3.el7.x86_64.rpm SHA-256: 4d7c1b5d4a70be9afb04517827ead94c3945e2ce27d6ae9e6e04dd201cdab76b
rh-nodejs12-nodejs-debuginfo-12.18.4-3.el7.x86_64.rpm SHA-256: 2eb05a5a75ef086f2404f1fc77feeae5047b6720340d9470382516aeb1ff1c98
rh-nodejs12-nodejs-devel-12.18.4-3.el7.x86_64.rpm SHA-256: 3460d6d19c1ba2b11c9ade9b1eee88776a0e08947fe56d730d5b360018638268
rh-nodejs12-nodejs-docs-12.18.4-3.el7.noarch.rpm SHA-256: addb632cf0ffaba27d8f33835827af7c531d2e558d83cdb37a717c0624827b53
rh-nodejs12-npm-6.14.6-12.18.4.3.el7.x86_64.rpm SHA-256: 8dcd22361a6096e81515a4c064fe5c6afbe0c38a5254b0900a7dff3b10dc6db1

Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.7

SRPM
rh-nodejs12-nodejs-12.18.4-3.el7.src.rpm SHA-256: 7d44ea2c02e1831797c23479292024678dc8abdfd0f9012245907be96cf70977
s390x
rh-nodejs12-nodejs-12.18.4-3.el7.s390x.rpm SHA-256: 8a40afadf3bbc6686d05ac72ce2c5f25e4e3d92234afc5c09a22a7d9ea8b13e7
rh-nodejs12-nodejs-debuginfo-12.18.4-3.el7.s390x.rpm SHA-256: 68cddd442f81a5efdb3019e8b8a03f20243eac3da4ee8be195ae7ee87d039a22
rh-nodejs12-nodejs-devel-12.18.4-3.el7.s390x.rpm SHA-256: 133bfa0f5e995425c747299877ef03d19221eec74aa1aa93316b8f391b23c35f
rh-nodejs12-nodejs-docs-12.18.4-3.el7.noarch.rpm SHA-256: addb632cf0ffaba27d8f33835827af7c531d2e558d83cdb37a717c0624827b53
rh-nodejs12-npm-6.14.6-12.18.4.3.el7.s390x.rpm SHA-256: 03fc02af10ec9a35d146cde4e162964817b815433b12fdb3e26a2d0cda96838e

Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.7

SRPM
rh-nodejs12-nodejs-12.18.4-3.el7.src.rpm SHA-256: 7d44ea2c02e1831797c23479292024678dc8abdfd0f9012245907be96cf70977
ppc64le
rh-nodejs12-nodejs-12.18.4-3.el7.ppc64le.rpm SHA-256: d0008a6ca66447976a1b2d0b642ea8c6d70c529c4c13033df4a198bd7a719ba1
rh-nodejs12-nodejs-debuginfo-12.18.4-3.el7.ppc64le.rpm SHA-256: 9854f6514bc0eb60bc143e60553fa774833f4826865876da819f72826bd006fd
rh-nodejs12-nodejs-devel-12.18.4-3.el7.ppc64le.rpm SHA-256: 784283a69b3f258b29fb2d52089642c998007d1b9dcf66c093549ada91e7485b
rh-nodejs12-nodejs-docs-12.18.4-3.el7.noarch.rpm SHA-256: addb632cf0ffaba27d8f33835827af7c531d2e558d83cdb37a717c0624827b53
rh-nodejs12-npm-6.14.6-12.18.4.3.el7.ppc64le.rpm SHA-256: e609bc84efc539f74ca8753c53642ff82a7e4a02c0cfccdf939a226005f0f492

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.6

SRPM
rh-nodejs12-nodejs-12.18.4-3.el7.src.rpm SHA-256: 7d44ea2c02e1831797c23479292024678dc8abdfd0f9012245907be96cf70977
x86_64
rh-nodejs12-nodejs-12.18.4-3.el7.x86_64.rpm SHA-256: 4d7c1b5d4a70be9afb04517827ead94c3945e2ce27d6ae9e6e04dd201cdab76b
rh-nodejs12-nodejs-debuginfo-12.18.4-3.el7.x86_64.rpm SHA-256: 2eb05a5a75ef086f2404f1fc77feeae5047b6720340d9470382516aeb1ff1c98
rh-nodejs12-nodejs-devel-12.18.4-3.el7.x86_64.rpm SHA-256: 3460d6d19c1ba2b11c9ade9b1eee88776a0e08947fe56d730d5b360018638268
rh-nodejs12-nodejs-docs-12.18.4-3.el7.noarch.rpm SHA-256: addb632cf0ffaba27d8f33835827af7c531d2e558d83cdb37a717c0624827b53
rh-nodejs12-npm-6.14.6-12.18.4.3.el7.x86_64.rpm SHA-256: 8dcd22361a6096e81515a4c064fe5c6afbe0c38a5254b0900a7dff3b10dc6db1

Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.6

SRPM
rh-nodejs12-nodejs-12.18.4-3.el7.src.rpm SHA-256: 7d44ea2c02e1831797c23479292024678dc8abdfd0f9012245907be96cf70977
s390x
rh-nodejs12-nodejs-12.18.4-3.el7.s390x.rpm SHA-256: 8a40afadf3bbc6686d05ac72ce2c5f25e4e3d92234afc5c09a22a7d9ea8b13e7
rh-nodejs12-nodejs-debuginfo-12.18.4-3.el7.s390x.rpm SHA-256: 68cddd442f81a5efdb3019e8b8a03f20243eac3da4ee8be195ae7ee87d039a22
rh-nodejs12-nodejs-devel-12.18.4-3.el7.s390x.rpm SHA-256: 133bfa0f5e995425c747299877ef03d19221eec74aa1aa93316b8f391b23c35f
rh-nodejs12-nodejs-docs-12.18.4-3.el7.noarch.rpm SHA-256: addb632cf0ffaba27d8f33835827af7c531d2e558d83cdb37a717c0624827b53
rh-nodejs12-npm-6.14.6-12.18.4.3.el7.s390x.rpm SHA-256: 03fc02af10ec9a35d146cde4e162964817b815433b12fdb3e26a2d0cda96838e

Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.6

SRPM
rh-nodejs12-nodejs-12.18.4-3.el7.src.rpm SHA-256: 7d44ea2c02e1831797c23479292024678dc8abdfd0f9012245907be96cf70977
ppc64le
rh-nodejs12-nodejs-12.18.4-3.el7.ppc64le.rpm SHA-256: d0008a6ca66447976a1b2d0b642ea8c6d70c529c4c13033df4a198bd7a719ba1
rh-nodejs12-nodejs-debuginfo-12.18.4-3.el7.ppc64le.rpm SHA-256: 9854f6514bc0eb60bc143e60553fa774833f4826865876da819f72826bd006fd
rh-nodejs12-nodejs-devel-12.18.4-3.el7.ppc64le.rpm SHA-256: 784283a69b3f258b29fb2d52089642c998007d1b9dcf66c093549ada91e7485b
rh-nodejs12-nodejs-docs-12.18.4-3.el7.noarch.rpm SHA-256: addb632cf0ffaba27d8f33835827af7c531d2e558d83cdb37a717c0624827b53
rh-nodejs12-npm-6.14.6-12.18.4.3.el7.ppc64le.rpm SHA-256: e609bc84efc539f74ca8753c53642ff82a7e4a02c0cfccdf939a226005f0f492

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7

SRPM
rh-nodejs12-nodejs-12.18.4-3.el7.src.rpm SHA-256: 7d44ea2c02e1831797c23479292024678dc8abdfd0f9012245907be96cf70977
x86_64
rh-nodejs12-nodejs-12.18.4-3.el7.x86_64.rpm SHA-256: 4d7c1b5d4a70be9afb04517827ead94c3945e2ce27d6ae9e6e04dd201cdab76b
rh-nodejs12-nodejs-debuginfo-12.18.4-3.el7.x86_64.rpm SHA-256: 2eb05a5a75ef086f2404f1fc77feeae5047b6720340d9470382516aeb1ff1c98
rh-nodejs12-nodejs-devel-12.18.4-3.el7.x86_64.rpm SHA-256: 3460d6d19c1ba2b11c9ade9b1eee88776a0e08947fe56d730d5b360018638268
rh-nodejs12-nodejs-docs-12.18.4-3.el7.noarch.rpm SHA-256: addb632cf0ffaba27d8f33835827af7c531d2e558d83cdb37a717c0624827b53
rh-nodejs12-npm-6.14.6-12.18.4.3.el7.x86_64.rpm SHA-256: 8dcd22361a6096e81515a4c064fe5c6afbe0c38a5254b0900a7dff3b10dc6db1

Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7

SRPM
rh-nodejs12-nodejs-12.18.4-3.el7.src.rpm SHA-256: 7d44ea2c02e1831797c23479292024678dc8abdfd0f9012245907be96cf70977
s390x
rh-nodejs12-nodejs-12.18.4-3.el7.s390x.rpm SHA-256: 8a40afadf3bbc6686d05ac72ce2c5f25e4e3d92234afc5c09a22a7d9ea8b13e7
rh-nodejs12-nodejs-12.18.4-3.el7.s390x.rpm SHA-256: 8a40afadf3bbc6686d05ac72ce2c5f25e4e3d92234afc5c09a22a7d9ea8b13e7
rh-nodejs12-nodejs-debuginfo-12.18.4-3.el7.s390x.rpm SHA-256: 68cddd442f81a5efdb3019e8b8a03f20243eac3da4ee8be195ae7ee87d039a22
rh-nodejs12-nodejs-debuginfo-12.18.4-3.el7.s390x.rpm SHA-256: 68cddd442f81a5efdb3019e8b8a03f20243eac3da4ee8be195ae7ee87d039a22
rh-nodejs12-nodejs-devel-12.18.4-3.el7.s390x.rpm SHA-256: 133bfa0f5e995425c747299877ef03d19221eec74aa1aa93316b8f391b23c35f
rh-nodejs12-nodejs-devel-12.18.4-3.el7.s390x.rpm SHA-256: 133bfa0f5e995425c747299877ef03d19221eec74aa1aa93316b8f391b23c35f
rh-nodejs12-nodejs-docs-12.18.4-3.el7.noarch.rpm SHA-256: addb632cf0ffaba27d8f33835827af7c531d2e558d83cdb37a717c0624827b53
rh-nodejs12-nodejs-docs-12.18.4-3.el7.noarch.rpm SHA-256: addb632cf0ffaba27d8f33835827af7c531d2e558d83cdb37a717c0624827b53
rh-nodejs12-npm-6.14.6-12.18.4.3.el7.s390x.rpm SHA-256: 03fc02af10ec9a35d146cde4e162964817b815433b12fdb3e26a2d0cda96838e
rh-nodejs12-npm-6.14.6-12.18.4.3.el7.s390x.rpm SHA-256: 03fc02af10ec9a35d146cde4e162964817b815433b12fdb3e26a2d0cda96838e

Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7

SRPM
rh-nodejs12-nodejs-12.18.4-3.el7.src.rpm SHA-256: 7d44ea2c02e1831797c23479292024678dc8abdfd0f9012245907be96cf70977
ppc64le
rh-nodejs12-nodejs-12.18.4-3.el7.ppc64le.rpm SHA-256: d0008a6ca66447976a1b2d0b642ea8c6d70c529c4c13033df4a198bd7a719ba1
rh-nodejs12-nodejs-12.18.4-3.el7.ppc64le.rpm SHA-256: d0008a6ca66447976a1b2d0b642ea8c6d70c529c4c13033df4a198bd7a719ba1
rh-nodejs12-nodejs-debuginfo-12.18.4-3.el7.ppc64le.rpm SHA-256: 9854f6514bc0eb60bc143e60553fa774833f4826865876da819f72826bd006fd
rh-nodejs12-nodejs-debuginfo-12.18.4-3.el7.ppc64le.rpm SHA-256: 9854f6514bc0eb60bc143e60553fa774833f4826865876da819f72826bd006fd
rh-nodejs12-nodejs-devel-12.18.4-3.el7.ppc64le.rpm SHA-256: 784283a69b3f258b29fb2d52089642c998007d1b9dcf66c093549ada91e7485b
rh-nodejs12-nodejs-devel-12.18.4-3.el7.ppc64le.rpm SHA-256: 784283a69b3f258b29fb2d52089642c998007d1b9dcf66c093549ada91e7485b
rh-nodejs12-nodejs-docs-12.18.4-3.el7.noarch.rpm SHA-256: addb632cf0ffaba27d8f33835827af7c531d2e558d83cdb37a717c0624827b53
rh-nodejs12-nodejs-docs-12.18.4-3.el7.noarch.rpm SHA-256: addb632cf0ffaba27d8f33835827af7c531d2e558d83cdb37a717c0624827b53
rh-nodejs12-npm-6.14.6-12.18.4.3.el7.ppc64le.rpm SHA-256: e609bc84efc539f74ca8753c53642ff82a7e4a02c0cfccdf939a226005f0f492
rh-nodejs12-npm-6.14.6-12.18.4.3.el7.ppc64le.rpm SHA-256: e609bc84efc539f74ca8753c53642ff82a7e4a02c0cfccdf939a226005f0f492

Red Hat Software Collections (for RHEL Server for ARM) 1

SRPM
rh-nodejs12-nodejs-12.18.4-3.el7.src.rpm SHA-256: 7d44ea2c02e1831797c23479292024678dc8abdfd0f9012245907be96cf70977
aarch64
rh-nodejs12-nodejs-12.18.4-3.el7.aarch64.rpm SHA-256: cd5f24347432f605567af38614fe173c075fe73aab13611f6ba9a24b4dc75cc5
rh-nodejs12-nodejs-debuginfo-12.18.4-3.el7.aarch64.rpm SHA-256: 2d15598826ef870b119f51d3ad9c16a4ba81a0c09544b5f9efb1a4766966a7aa
rh-nodejs12-nodejs-devel-12.18.4-3.el7.aarch64.rpm SHA-256: f9fe91e4cb6fdf0927fd4f08c56da9c6e73e8398852c22aee002e0ee5554e510
rh-nodejs12-nodejs-docs-12.18.4-3.el7.noarch.rpm SHA-256: addb632cf0ffaba27d8f33835827af7c531d2e558d83cdb37a717c0624827b53
rh-nodejs12-npm-6.14.6-12.18.4.3.el7.aarch64.rpm SHA-256: e6011155af068d724144dd36e1b352542ad177403e09c7718d4c57319d92b373

Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7

SRPM
rh-nodejs12-nodejs-12.18.4-3.el7.src.rpm SHA-256: 7d44ea2c02e1831797c23479292024678dc8abdfd0f9012245907be96cf70977
x86_64
rh-nodejs12-nodejs-12.18.4-3.el7.x86_64.rpm SHA-256: 4d7c1b5d4a70be9afb04517827ead94c3945e2ce27d6ae9e6e04dd201cdab76b
rh-nodejs12-nodejs-debuginfo-12.18.4-3.el7.x86_64.rpm SHA-256: 2eb05a5a75ef086f2404f1fc77feeae5047b6720340d9470382516aeb1ff1c98
rh-nodejs12-nodejs-devel-12.18.4-3.el7.x86_64.rpm SHA-256: 3460d6d19c1ba2b11c9ade9b1eee88776a0e08947fe56d730d5b360018638268
rh-nodejs12-nodejs-docs-12.18.4-3.el7.noarch.rpm SHA-256: addb632cf0ffaba27d8f33835827af7c531d2e558d83cdb37a717c0624827b53
rh-nodejs12-npm-6.14.6-12.18.4.3.el7.x86_64.rpm SHA-256: 8dcd22361a6096e81515a4c064fe5c6afbe0c38a5254b0900a7dff3b10dc6db1

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility