-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with NodeJS version 10.24.0. This release addresses vulnerabilities related to CVE-2020-8265, CVE-2020-8287, and CVE-2020-1971. We strongly encourage all NodeJS users to update to version 10.24.0.
 
 
AFFECTED VERSIONS
All versions of NodeJS through 10.23.3.

 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 

CVE-2020-8265 - HIGH

NodeJS 10.24.0
Fixed bug related to CVE-2020-8265.

CVE-2020-8287 - MEDIUM

NodeJS 10.24.0
Fixed bug related to CVE-2020-8287.

CVE-2020-1971 - MEDIUM

NodeJS 10.24.0
Fixed bug related to CVE-2020-1971.



SOLUTION
cPanel, L.L.C. has released updated RPMs for EasyApache 4 on March 3, 2021, with an updated version of NodeJS 10.24.0. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface.

 
REFERENCES
https://nvd.nist.gov/vuln/detail/CVE-2020-8265
https://nvd.nist.gov/vuln/detail/CVE-2020-8287
https://nvd.nist.gov/vuln/detail/CVE-2020-1971
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V10.md#10.24.0













-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAmA//E4UHHNlY3VyaXR5
QGNwYW5lbC5uZXQACgkQlSG+3KvZTd9NuRAAqw7xyEWJ17RYrQE+qDcbpRjqzcOC
yiN5GYG8hQQbyMvzwvWc4duXTvwOIVFoFtPasatR1INCVLYBS9mRCRrs+lKT3h9X
DsdQ7jnyyD2kuNYHKjZ+TvDXGVgEQxFLnOY98mD58wrtURETFEUKjY2A65TJi0Ka
MyqR/5fk04GlO8YMog0Hy9sCCeAul8KHkqtt6lpoRt5Sw3IdVM1hLCZef6kjVQ4J
2WTKG6h3MEvUPl3CeIIRP+ljStyguK9f3UQ3ZpLtPBZkATiIGbG06rsy3ZcH1GvV
tKu0Vh25LYa3ZAp0MtezfJZGGNFghUEX3pe6VCFk5bEngZKoepTyVrJCjX8RIKo0
zgVFi7IH7BgVsh/MCa7aFnSEeyqDF9STLug5NqALTcdVOFtqH6y6Spq9a4KygrQ5
5LldIYzGnbxwdWGk+1RrpgNrncAndoZEdzh+NrpMU6WvheogmGavhvFHk5WyRczD
hlnnT5VSv8oZwHh0nGQPhWJ0b0u/MIQH7wOv074KHwXPcka6GHleCUAmt2h+Kn9R
tlXxlngzfFvEmLfsGrXpJICi8hNrTx+1v6gjcsoYpTN30SOagMRkxLC/BoGjZW+0
TGrWZGGXhfyLhb+fU5cW9stZf7AhjZyWwT2X4XYUSvlG4uSWGZ0n5L2CnynTRC9R
RYsCSIPesMlMec8=
=WeV7
-----END PGP SIGNATURE-----