<div dir="ltr"><div>Hello,</div><div><br></div><div>I am Vaibhav Pagar and I am reaching out to you regarding query about the container images of Node.js which you are maintaining. <br></div><div>One my customer is using below 2 container images which are affected by the given CVE's</div><div><br></div><div>~~~</div><div>1] Image Node.js 10 <br><br><a href="https://catalog.redhat.com/software/containers/ubi8/nodejs-10/5c839aa3d70cc51dd4c425d9?container-tabs=overview">https://catalog.redhat.com/software/containers/ubi8/nodejs-10/5c839aa3d70cc51dd4c425d9?container-tabs=overview</a><br><br>Affected by two CVE's :-<br><br>  > CVE-2020-13777       Fixed with >>  RHSA-2020:2637  on 2020-06-22<br>  > CVE-2020-11080       Fixed with >>  RHSA-2020:2755  on 2020-06-25<br><br>Both of the above CVE's are marked as important so their fix will be released in container images soon as the actual fix for the package is already released. <br><br><br><br>2] Image Node.js 12 <br><br><a href="https://catalog.redhat.com/software/containers/ubi8/nodejs-12/5d3fff015a13461f5fb8635a?container-tabs=security">https://catalog.redhat.com/software/containers/ubi8/nodejs-12/5d3fff015a13461f5fb8635a?container-tabs=security</a><br><br>Affected by two CVE's:-<br><br>  > CVE-2020-13777       Fixed with >>  RHSA-2020:2637  on 2020-06-22<br>  > CVE-2020-11080       Fixed with >>  RHSA-2020:2755  on 2020-06-25<br></div><div>~~~</div><div><br></div><div>I can see for both the CVE's the fix is already released for the affected packages, so when can we expect the fix in Node.js  container images? <br></div><div>Customers want to get this fix asap as the CVE is marked as important and they said that it's affecting their deployments. <br></div><div>Can you please let me know any ETA for the fix? <br></div><div><br></div><div>Thank you,</div><div><br></div><div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div><div dir="ltr"><span><div><div dir="ltr"><span><div><div dir="ltr"><p style="color:rgb(0,0,0);font-family:overpass,sans-serif;font-weight:bold;margin:0px;padding:0px;font-size:14px;text-transform:uppercase;direction:ltr;line-height:120%;text-align:left"><span>Vaibhav Pagar</span><span></span></p><p style="color:rgb(0,0,0);font-family:overpass,sans-serif;font-size:10px;margin:0px 0px 4px;text-transform:uppercase;direction:ltr;line-height:120%;text-align:left"><span>TECHNICAL SUPPORT ENGINEER</span><span style="color:rgb(170,170,170);margin:0px">, <br></span></p><span style="color:rgb(0,0,0);font-family:overpass,sans-serif;font-size:medium"><p style="font-size:10px;margin:0px;color:rgb(153,153,153);direction:ltr;line-height:120%;text-align:left"><span></span></p><p style="font-weight:normal;margin:0px;font-size:10px;color:rgb(153,153,153)"><a style="color:rgb(0,136,206);font-size:10px;margin:0px;text-decoration:none;font-family:overpass,sans-serif" href="https://www.redhat.com" target="_blank"><span>Red Hat India Pvt. Ltd.</span></a></p>


<p style="font-weight:normal;margin:0px 0px 6px;font-size:10px;color:rgb(153,153,153)"><span style="margin:0px;padding:0px">
<a style="color:rgb(0,136,206);font-size:10px;margin:0px;text-decoration:none;font-family:overpass,sans-serif" href="mailto:vpagar@redhat.com" target="_blank">vpagar@redhat.com</a>   </span>
<span href="tel:9823430944">M: <a href="http://redhatemailsignature-marketing.itos.redhat.com/" style="color:rgb(0,136,206);font-size:11px;margin:0px;text-decoration:none;font-family:overpass,sans-serif" target="_blank">7588040831</a>     </span>
</p>
<a href="https://red.ht/sig" target="_blank"> <img src="https://www.redhat.com/profiles/rh/themes/redhatdotcom/img/logo-red-hat-black.png" width="90" height="auto"></a></span><p></p><span style="color:rgb(0,0,0);font-family:overpass,sans-serif;font-size:medium"></span><a href="https://twitter.com/redhatnews" title="twitter" style="background:transparent url("https://www.redhat.com/files/brand/email/sm-twitter.png") no-repeat scroll 0px 50%/16px auto;height:20px;text-decoration:none;color:rgb(119,119,119);display:inline-block;line-height:20px;padding-left:16px" target="_blank">@redhatnews</a>   <a href="https://www.linkedin.com/company/red-hat" title="LinkedIn" style="background:transparent url("https://www.redhat.com/files/brand/email/sm-linkedin.png") no-repeat scroll 0px 50%/16px auto;height:20px;text-decoration:none;color:rgb(119,119,119);display:inline-block;line-height:20px;padding-left:16px" target="_blank">Red Hat</a>   <a href="https://www.facebook.com/RedHatInc" title="Facebook" style="background:transparent url("https://www.redhat.com/files/brand/email/sm-facebook.png") no-repeat scroll 0px 50%/16px auto;height:20px;text-decoration:none;color:rgb(119,119,119);display:inline-block;line-height:20px;padding-left:16px" target="_blank">Red Hat</a></div></div></span></div></div></span></div></div></div></div></div></div></div></div></div></div>