Lucene search

K
altlinuxHttps://packages.altlinux.org/en/sisyphus/security/D107334E579E933EEE7F0646664CD75E
HistorySep 30, 2022 - 12:00 a.m.

Security fix for the ALT Linux 10 package node version 16.17.1-alt1

2022-09-3000:00:00
https://packages.altlinux.org/en/sisyphus/security/
packages.altlinux.org
10

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

0.006 Low

EPSS

Percentile

78.4%

Sept. 30, 2022 Vitaly Lipatov 16.17.1-alt1

- new version 16.17.1 (with rpmrb script)
- set npm >= 8.15.0
- CVE-2022-32212: DNS rebinding in --inspect on macOS (High)
- CVE-2022-32213: bypass via obs-fold mechanic (Medium)
- CVE-2022-35255: Weak randomness in WebCrypto keygen
- CVE-2022-35256: HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium)

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

0.006 Low

EPSS

Percentile

78.4%