Lucene search

openSUSE: Security Advisory for nodejs12 (openSUSE-SU-2022:0113-1)

Security Advisory for nodejs12 openSUSE Leap 15.

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 190
IBM Security Bulletins	Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple CVEs in Node.js	8 Apr 202214:56	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in the Open Source Node.js runtime affect IBM Event Streams (CVE-2021-44533, CVE-2022-21824, CVE-2021-44531, CVE-2021-44532)	12 Jul 202215:05	–	ibm
IBM Security Bulletins	Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Node.js (CVE-2021-44532, CVE-2021-44533, CVE-2022-21824)	22 Apr 202220:57	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Pak for Watson AIOps Infrastructure Automation	21 Oct 202217:36	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and IBM Business Process Manager (BPM)	9 May 202209:49	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to string injection vulnerability due to Node.js (CVE-2021-44532, CVE-2021-44532 )	9 May 202223:23	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in node.js	14 Apr 202215:54	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js	26 May 202201:19	–	ibm
IBM Security Bulletins	Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Node.js.	27 Apr 202223:07	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in PostgreSQL, Node.js, and Data Tables from Spry Media may affect IBM Spectrum Protect Plus	31 Jan 202218:22	–	ibm

Source	Link
lists	www.lists.opensuse.org/archives/list/[email protected]/thread/2IPUTP7LOLL5OLSQNM5GFCXGYDJHU7FP
	www.0113-1

# Copyright (C) 2022 Greenbone Networks GmbH
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.854430");
  script_version("2025-02-28T05:38:49+0000");
  script_cve_id("CVE-2021-44531", "CVE-2021-44532", "CVE-2021-44533", "CVE-2022-21824");
  script_tag(name:"cvss_base", value:"6.4");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:P/A:P");
  script_tag(name:"last_modification", value:"2025-02-28 05:38:49 +0000 (Fri, 28 Feb 2025)");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2022-03-08 16:41:00 +0000 (Tue, 08 Mar 2022)");
  script_tag(name:"creation_date", value:"2022-02-08 08:15:31 +0000 (Tue, 08 Feb 2022)");
  script_name("openSUSE: Security Advisory for nodejs12 (openSUSE-SU-2022:0113-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2022 Greenbone Networks GmbH");
  script_family("SuSE Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/opensuse", "ssh/login/rpms", re:"ssh/login/release=openSUSELeap15\.3");

  script_xref(name:"Advisory-ID", value:"openSUSE-SU-2022:0113-1");
  script_xref(name:"URL", value:"https://lists.opensuse.org/archives/list/[email protected]/thread/2IPUTP7LOLL5OLSQNM5GFCXGYDJHU7FP");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'nodejs12'
  package(s) announced via the openSUSE-SU-2022:0113-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"This update for nodejs12 fixes the following issues:

  - CVE-2021-44531: Fixed improper handling of URI Subject Alternative Names
       (bsc#1194511).

  - CVE-2021-44532: Fixed certificate Verification Bypass via String
       Injection (bsc#1194512).

  - CVE-2021-44533: Fixed incorrect handling of certificate subject and
       issuer fields (bsc#1194513).

  - CVE-2022-21824: Fixed prototype pollution via console.table properties
       (bsc#1194514).");

  script_tag(name:"affected", value:"'nodejs12' package(s) on openSUSE Leap 15.3.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "openSUSELeap15.3") {

  if(!isnull(res = isrpmvuln(pkg:"nodejs12", rpm:"nodejs12~12.22.9~4.25.1", rls:"openSUSELeap15.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"nodejs12-debuginfo", rpm:"nodejs12-debuginfo~12.22.9~4.25.1", rls:"openSUSELeap15.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"nodejs12-debugsource", rpm:"nodejs12-debugsource~12.22.9~4.25.1", rls:"openSUSELeap15.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"nodejs12-devel", rpm:"nodejs12-devel~12.22.9~4.25.1", rls:"openSUSELeap15.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"npm12", rpm:"npm12~12.22.9~4.25.1", rls:"openSUSELeap15.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"nodejs12-docs", rpm:"nodejs12-docs~12.22.9~4.25.1", rls:"openSUSELeap15.3"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

08 Feb 2022 00:00Current

7.2High risk

Vulners AI Score7.2

CVSS26.4

CVSS38.2

EPSS0.00404