{"id":"MGASA-2016-0307","summary":"Updated nodejs packages fix security vulnerability","details":"Under certain conditions, V8 may improperly expand memory allocations in\nthe Zone::New function. This could potentially be used to cause a Denial\nof Service via buffer overflow or as a trigger for a remote code execution\n(CVE-2016-1669).\n\nThe primary npm registry has used HTTP bearer tokens to authenticate\nrequests from the npm command-line interface. Due to a design flaw in the\nCLI, these bearer tokens were sent with every request made by the CLI for\nlogged-in users, regardless of the destination of the request. This flaw\nallows an attacker to set up an HTTP server that could collect\nauthentication information they could use to impersonate the users whose\ntokens they collected. This impersonation would allow them to do anything\nthe compromised users could do, including publishing new versions of\npackages.\n","modified":"2026-04-16T06:25:12.484035621Z","published":"2016-09-21T20:38:22Z","upstream":["CVE-2016-1669"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0307.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=18481"},{"type":"WEB","url":"https://nodejs.org/en/blog/release/v0.10.44/"},{"type":"WEB","url":"https://nodejs.org/en/blog/release/v0.10.45/"},{"type":"WEB","url":"https://nodejs.org/en/blog/release/v0.10.46/"},{"type":"WEB","url":"https://nodejs.org/en/blog/vulnerability/npm-tokens-leak-march-2016/"},{"type":"WEB","url":"https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/"}],"affected":[{"package":{"name":"nodejs","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/nodejs?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.10.46-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0307.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}