68 matches found

SUSE CVE
added 2023/02/15 4:37 a.m. | 1 view

SUSE CVE-2017-15896

Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption...

CVSS 6.5 | AI score 8.1 | EPSS 0.0008
Exploits: 1 | References: 7

OSV
added 2022/10/05 8:31 a.m. | 5 views

SUSE-SU-2022:3524-1 Security update for nodejs16

This update for nodejs16 fixes the following issues: Updated to version 16.17.1: - CVE-2022-32213: Fixed bypass via obs-fold mechanic bsc1201325. - CVE-2022-32215: Fixed incorrect Parsing of Multi-line Transfer-Encoding bsc1201327. - CVE-2022-35256: Fixed incorrect Parsing of Header Fields...

CVSS 9.1 | AI score 7.3 | EPSS 0.86472
Exploits: 4 | References: 9

OSV
added 2022/09/12 7:06 a.m. | 11 views

SUSE-SU-2022:3250-1 Security update for nodejs16

This update for nodejs16 fixes the following issues: - CVE-2022-35949: Fixed SSRF when an application takes in user input into the path/pathname option of undici.request bsc1202382. - CVE-2022-35948: Fixed CRLF injection via Content-Type bsc1202383. - CVE-2022-29244: Fixed npm pack ignores...

CVSS 9.8 | AI score 6.8 | EPSS 0.0085
Exploits: 3 | References: 10

vulnersOsv
added 2022/08/30 12:00 a.m. | 0 views

@abramltd/jwt-oauth2-middleware (=0.1.0), @aerocorp/cli (=7.0.5) +172 more potentially affected by CVE-2020-26938 via oauth2-server (>=2.2.2 <=3.1.1)

oauth2-server NPM version =2.2.2, =1.0.0, =0.0.1, =2.1.0, =3.0.0, =0.4.1, =0.1.0, =3.0.0, =3.0.0, =3.5.8 and more Source cves: CVE-2020-26938 Source advisory: OSV:GHSA-4RG6-FM25-GC34...

CVSS 7.2 | AI score 7 | EPSS 0.00407
Exploits: 1

OSV
added 2022/07/15 3:36 p.m. | 6 views

SUSE-SU-2022:2417-1 Security update for nodejs12

This update for nodejs12 fixes the following issues: - CVE-2022-32212: Fixed DNS rebinding in --inspect via invalid IP addresses bsc1201328. - CVE-2022-32213: Fixed HTTP request smuggling due to flawed parsing of Transfer-Encoding bsc1201325. - CVE-2022-32214: Fixed HTTP request smuggling due to...

CVSS 8.1 | AI score 6.6 | EPSS 0.86472
Exploits: 3 | References: 11

OSV
added 2022/06/27 12:00 a.m. | 35 views

DSA-5170-1 nodejs - security update

Bulletin has no description...

CVSS 8.2 | AI score 7 | EPSS 0.00364
Exploits: 4

OSV
added 2022/05/17 7:13 a.m. | 9 views

SUSE-SU-2022:1694-1 Security update for nodejs8

This update for nodejs8 fixes the following issues: - CVE-2021-44906: Fixed prototype pollution in npm dependency bsc1198247. - CVE-2021-44907: Fixed insufficient sanitization in npm dependency bsc1197283. - CVE-2022-0235: Fixed passing of cookie data and sensitive headers to different hostnames in...

CVSS 9.8 | AI score 7.9 | EPSS 0.00789
Exploits: 2 | References: 7

OSV
added 2022/04/28 12:38 p.m. | 11 views

SUSE-SU-2022:1459-1 Security update for nodejs14

This update for nodejs14 fixes the following issues: - CVE-2022-0778: Fixed an infinite loop in BN_mod_sqrt() reachable when parsing certificates bsc1196877. - CVE-2021-44906: Fixed a prototype pollution in node-minimist bsc1198247. - CVE-2021-44907: Fixed a potential Denial of Service vulnerability i...

CVSS 9.8 | AI score 7.1 | EPSS 0.07539
Exploits: 4 | References: 9

OSV
added 2022/02/24 7:15 p.m. | 2 views

AZL-8840 CVE-2021-44531 affecting package nodejs for versions less than 16.14.0-1

Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use...

CVSS 7.4 | AI score 6.9 | EPSS 0.00076
Exploits: 0 | References: 1

OSV
added 2021/12/06 1:43 p.m. | 6 views

OPENSUSE-SU-2021:3940-1 Security update for nodejs12

This update for nodejs12 fixes the following issues: - CVE-2021-22959: Fixed HTTP Request Smuggling due to spaces in headers bsc1191601. - CVE-2021-22960: Fixed HTTP Request Smuggling when parsing the body bsc1191602. - CVE-2021-37701: Fixed arbitrary file creation and overwrite in nodejs-tar...

CVSS 8.6 | AI score 7.9 | EPSS 0.00718
Exploits: 2 | References: 15

OSV
added 2021/12/06 1:43 p.m. | 6 views

SUSE-SU-2021:3940-1 Security update for nodejs12

This update for nodejs12 fixes the following issues: - CVE-2021-22959: Fixed HTTP Request Smuggling due to spaces in headers bsc1191601. - CVE-2021-22960: Fixed HTTP Request Smuggling when parsing the body bsc1191602. - CVE-2021-37701: Fixed arbitrary file creation and overwrite in nodejs-tar...

CVSS 8.6 | AI score 7.9 | EPSS 0.00718
Exploits: 2 | References: 15

OSV
added 2021/08/05 8:36 a.m. | 3 views

SUSE-SU-2021:2620-1 Security update for nodejs8

This update for nodejs8 fixes the following issues: - update to npm 6.14.13 - CVE-2021-27290: Fixed ssri Regular Expression Denial of Service. bsc1187976 - CVE-2021-23362: Fixed hosted-git-info Regular Expression Denial of Service bsc1187977 - CVE-2021-22884: DNS rebinding in --inspect bsc1182620...

CVSS 9.8 | AI score 6.4 | EPSS 0.02458
Exploits: 4 | References: 9

OSV
added 2021/03/02 8:41 a.m. | 4 views

SUSE-SU-2021:0673-1 Security update for nodejs10

This update for nodejs10 fixes the following issues: New upstream LTS version 10.24.0: - CVE-2021-22883: HTTP2 'unknownProtocol' causes Denial of Service by resource exhaustion bsc1182619 - CVE-2021-22884: DNS rebinding in --inspect bsc1182620 - CVE-2021-23840: OpenSSL - Integer overflow in...

CVSS 7.8 | AI score 7.8 | EPSS 0.89427
Exploits: 1 | References: 7

OSV
added 2021/02/27 9:33 p.m. | 6 views

OPENSUSE-SU-2021:0357-1 Security update for nodejs12

This update for nodejs12 fixes the following issues: New upstream LTS version 12.21.0: - CVE-2021-22883: HTTP2 'unknownProtocol' causes Denial of Service by resource exhaustion bsc1182619 - CVE-2021-22884: DNS rebinding in --inspect bsc1182620 - CVE-2021-23840: OpenSSL - Integer overflow in...

CVSS 7.8 | AI score 7.8 | EPSS 0.89427
Exploits: 1 | References: 7

OSV
added 2021/02/24 12:00 a.m. | 26 views

DSA-4863-1 nodejs - security update

Bulletin has no description...

CVSS 7.8 | AI score 7.4 | EPSS 0.89427
Exploits: 1

OSV
added 2021/01/12 1:09 p.m. | 7 views

SUSE-SU-2021:0082-1 Security update for nodejs10

This update for nodejs10 fixes the following issues: - New upstream LTS version 10.23.1: CVE-2020-8265: use-after-free in TLSWrap (High) bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as...

CVSS 8.1 | AI score 6.2 | EPSS 0.11865
Exploits: 6 | References: 7

OSV
added 2021/01/11 2:01 p.m. | 6 views

SUSE-SU-2021:0062-1 Security update for nodejs12

This update for nodejs12 fixes the following issues: - New upstream LTS version 12.20.1: CVE-2020-8265: use-after-free in TLSWrap (High) bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as...

CVSS 8.1 | AI score 6.6 | EPSS 0.58883
Exploits: 6 | References: 9

OSV
added 2020/06/09 12:17 p.m. | 4 views

SUSE-SU-2020:1576-1 Security update for nodejs8

This update for nodejs8 fixes the following issues: - CVE-2020-8174: Fixed multiple memory corruption in napi_get_value_string_*() bsc1172443. - CVE-2020-11080: Fixed a potential denial of service when receiving unreasonably large HTTP/2 SETTINGS frames bsc1172442. - CVE-2020-7598: Fixed an issue which...

CVSS 9.3 | AI score 7 | EPSS 0.01491
Exploits: 3 | References: 7

OSV
added 2020/06/09 9:12 a.m. | 5 views

SUSE-SU-2020:1568-1 Security update for nodejs10

This update for nodejs10 fixes the following issues: nodejs10 was updated to version 10.21.0 - CVE-2020-8174: Fixed multiple memory corruption in napi_get_value_string_*() bsc1172443. - CVE-2020-11080: Fixed a potential denial of service when receiving unreasonably large HTTP/2 SETTINGS frames bsc117244...

CVSS 9.3 | AI score 7.2 | EPSS 0.01491
Exploits: 3 | References: 10

OSV
added 2020/01/14 11:14 p.m. | 5 views

OPENSUSE-SU-2020:0059-1 Security update for nodejs8

This update for nodejs8 to version 8.17.0 fixes the following issues: Security issues fixed: - CVE-2019-16777, CVE-2019-16776, CVE-2019-16775: Updated npm to 6.13.4, fixing an arbitrary path overwrite and access via 'bin' field bsc1159352. This update was imported from the SUSE:SLE-15:Update upda...

CVSS 8.1 | AI score 7.9 | EPSS 0.01227
Exploits: 0 | References: 6