8 matches found
SUSE SLES15 / openSUSE 15 Security Update : nodejs16 (SUSE-SU-2022:3251-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3251-1 advisory. - CVE-2022-35949: Fixed SSRF when an application takes in user input into the path/pathname option of undici.request...
SUSE: Security Advisory (SUSE-SU-2022:3251-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2022:3250-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for nodejs16 (SUSE-SU-2022:3250-1)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE SLES12 Security Update : nodejs16 (SUSE-SU-2022:3196-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3196-1 advisory. - CVE-2022-35949: Fixed SSRF when an application takes in user input into the path/pathname option of undici.request bsc1202382. -...
SUSE: Security Advisory (SUSE-SU-2022:3196-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to loss of confidentiality due to CVE-2022-35948 and CVE-2022-35949
Summary Node.js module undici is used by IBM App Connect Enterprise Certified Container when testing API endpoints. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use the API testing capability may be vulnerable to loss of confidentiality if made to target an API...
CVE-2022-35949
CVE-2022-35949 (undici SSRF) : Undici’s HTTP/1.1 client is vulnerable to SSRF when user input is passed into the pathname option of undici.request, allowing an attacker to cause requests to be sent to internal hosts (e.g., 127.0.0.1) by manipulating the path. The issue arises from combining the b...